Protecting your webforms
-
Just curious to know how others go about doing this. I've heard pretty bad things about sql injection attacks. :cool:
Steve McLenithan
Is Bert Evil? -
-
Steve McLenithan wrote: sql injection attacks
What I did on my last project was to use Stored Procedures (SQL Server). I believe that will solve most of the problems with SQL Injection attacks.
Jonathan
That makes sense. Would there still be any way around that?
Steve McLenithan
Is Bert Evil? -
-
The only way I can see is if you used dynamic sql in your stored procedures. You would then have the same problem.
Jonathan Austin wrote: if you used dynamic sql
Gotcha ;)
Steve McLenithan
Is Bert Evil? -
If you are using SQL Server, you can use sp_executesql with parameters to execute dynamic sql. This should take care of sql injection attacks. I am sure there must be an equivalent of sp_executesql in other DBs.
Deepak
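-
The two points raised in the replies above (dynamic SQL inside a stored procedure reintroduces the problem, and sp_executesql with parameters avoids it), shown side by side as an added T-SQL example that is not part of the original thread. The table name, procedure names and sample rows are hypothetical and constructed for illustration.

```sql
-- Constructed sample data (hypothetical table, not from the thread).
CREATE TABLE dbo.Users (
    Id       int IDENTITY PRIMARY KEY,
    LastName nvarchar(50) NOT NULL
);
INSERT INTO dbo.Users (LastName) VALUES (N'Austin'), (N'O''Brien');
GO

-- Unsafe: this is a stored procedure, but the input is concatenated into the
-- statement text, so the caller's value is parsed as SQL instead of as data.
CREATE PROCEDURE dbo.FindUser_Concat @LastName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, LastName FROM dbo.Users WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Safer dynamic SQL: the statement text is a constant and the value is
-- passed to sp_executesql as a typed parameter, never spliced into the text.
CREATE PROCEDURE dbo.FindUser_Param @LastName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, LastName FROM dbo.Users WHERE LastName = @ln';
    EXEC sp_executesql @sql, N'@ln nvarchar(50)', @ln = @LastName;
END
GO

-- Static SQL: when no dynamic statement is needed, the procedure parameter
-- is already bound as data and no statement string is built at all.
CREATE PROCEDURE dbo.FindUser_Static @LastName nvarchar(50)
AS
    SELECT Id, LastName FROM dbo.Users WHERE LastName = @LastName;
GO

-- A legitimate name containing a single quote is enough to tell them apart:
-- in the concatenating procedure the quote closes the string literal early,
-- so the remainder of the value is handed to the SQL parser.
EXEC dbo.FindUser_Concat @LastName = N'O''Brien';
EXEC dbo.FindUser_Param  @LastName = N'O''Brien';
EXEC dbo.FindUser_Static @LastName = N'O''Brien';
GO
```

sp_executesql parameters can stand in only for values, not for table or column names. If an identifier has to be dynamic, check it against a fixed list of allowed names and wrap it with QUOTENAME before it goes into the statement text.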