This page contains blog records from the 'ASP.NET' category.
How to protect an ASP.NET application from SQL Injection vulnerabilities?

The first step we can take to protect our software is to understand the SQL Injection vulnerability problem. SQL Injection is a vulnerability that allows hackers to inject malicious code into your SQL script. More info about SQL Injection may be found in my SQL Injection and PHP article.
How to prevent SQL Injection in ASP.NET applications?

I do not recommend using regular expressions to prevent users or hackers from entering characters that may allow them to break into the database. It is not the best practice in an ASP.NET application. Do not try to remove any symbols from the parameters that carry data received from the website's users. The best practice is to use parameterized SQL queries. You have to use parameters in your queries!
Let's take a look at the following example, which uses a parameterized query to prevent a SQL Injection attack on my ASP.NET application:
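The post's own example is not reproduced on this page. As an added illustration (not the author's code), the C# below contrasts a concatenated query with its parameterized form using ADO.NET's `SqlCommand`; the `Users` table, its `Login` and `Email` columns, and all method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added illustration: table, column and method names are hypothetical.
public static class UserQueries
{
    // Vulnerable 'before': user input becomes part of the SQL text itself.
    public static SqlCommand BuildConcatenated(string login)
    {
        return new SqlCommand("SELECT Email FROM Users WHERE Login = '" + login + "'");
    }

    // Parameterized 'after': the SQL text is constant; the input travels as typed data.
    public static SqlCommand BuildParameterized(string login)
    {
        var cmd = new SqlCommand("SELECT Email FROM Users WHERE Login = @login");
        // Explicit type and size instead of AddWithValue, so the type is not inferred from the input.
        cmd.Parameters.Add("@login", SqlDbType.NVarChar, 64).Value = login;
        return cmd;
    }

    // Runs the parameterized command against a real database; returns null when no row matches.
    public static string FindEmail(string connectionString, string login)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(login))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }

    // Offline demo: no connection is opened, only the built commands are inspected.
    public static void Main()
    {
        string input = "x' OR '1'='1";   // constructed sample input
        Console.WriteLine(BuildConcatenated(input).CommandText);
        var safe = BuildParameterized(input);
        Console.WriteLine(safe.CommandText);
        Console.WriteLine(safe.Parameters["@login"].Value);
    }
}
```

Running `Main` shows that the concatenated command's text changes with the input, while the parameterized command's text stays fixed and the input appears only as the parameter value.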