Last post Feb 04, 2021 11:23 AM by wefocusoncare
Jan 28, 2021 08:15 AM|maverick786us|LINK
I have this simple query executed in a custom control.
SELECT StateID, StateName FROM State WHERE IsEnabled = 'TRUE' ORDER BY StateName
How can I prevent SQL Injection from this code?
Jan 28, 2021 08:29 AM|Mikesdotnetting|LINK
That code is not susceptible to SQL injection. SQL injection is only possible if you incorporate untrusted input as part of the SQL statement e.g.:
"SELECT StateID, StateName FROM State WHERE IsEnabled = '" + Request.Query["some_value"] + "' ORDER BY StateName"
Usually, this input comes from form fields and URLs. You use parameterized queries to prevent SQL injection:
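The contrast Mike describes, as an added example that is not part of the thread and not the poster's code: the same State query built by string concatenation (the injectable form) next to the parameterized form, run against an in-memory SQLite table with a few constructed rows. Python's sqlite3 stands in for ADO.NET here; the table name and columns are the ones from the question, the row data and the payload string are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample rows; the thread shows no data, only the query.
SAMPLE_ROWS = [
    (1, "Alabama", "TRUE"),
    (2, "Alaska", "FALSE"),
    (3, "Arizona", "TRUE"),
    (4, "Arkansas", "FALSE"),
]

# An input an attacker might place in Request.Query["some_value"]:
# it closes the quoted literal and appends an always-true condition.
PAYLOAD = "TRUE' OR '1'='1"


def build_db():
    """Create the State table from the question in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE State ("
        "StateID INTEGER PRIMARY KEY, "
        "StateName TEXT NOT NULL, "
        "IsEnabled TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO State (StateID, StateName, IsEnabled) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    return conn


def states_unsafe(conn, is_enabled):
    """Vulnerable: untrusted input is spliced into the statement text.

    With PAYLOAD the statement becomes
      ... WHERE IsEnabled = 'TRUE' OR '1'='1' ORDER BY StateName
    so the WHERE clause matches every row.
    """
    sql = (
        "SELECT StateID, StateName FROM State "
        "WHERE IsEnabled = '" + is_enabled + "' ORDER BY StateName"
    )
    return [name for _, name in conn.execute(sql)]


def states_safe(conn, is_enabled):
    """Parameterized: the value is bound to a placeholder, never parsed as SQL.

    PAYLOAD is compared as the literal string "TRUE' OR '1'='1", which no row
    has, so the query returns nothing.
    """
    sql = (
        "SELECT StateID, StateName FROM State "
        "WHERE IsEnabled = ? ORDER BY StateName"
    )
    return [name for _, name in conn.execute(sql, (is_enabled,))]


if __name__ == "__main__":
    db = build_db()
    print("unsafe, normal input :", states_unsafe(db, "TRUE"))
    print("unsafe, payload      :", states_unsafe(db, PAYLOAD))
    print("safe,   normal input :", states_safe(db, "TRUE"))
    print("safe,   payload      :", states_safe(db, PAYLOAD))
```

The payload only changes the outcome in states_unsafe; states_safe returns the same two enabled states for "TRUE" and an empty list for the payload, because the driver sends the value separately from the statement text. In ADO.NET the equivalent of the ? placeholder is a named parameter such as @enabled added to the SqlCommand's Parameters collection, with the untrusted value supplied as the parameter's value rather than concatenated into CommandText.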
Jan 28, 2021 12:00 PM|maverick786us|LINK
Thank you Mike
Feb 04, 2021 11:23 AM|wefocusoncare|LINK
Always follow the rules below to prevent SQL injection