Are any of these SQL Queries open to SQL injection attacks?

Posted by Phil on Stack Overflow See other posts from Stack Overflow or by Phil
Published on 2010-01-29T10:24:50Z Indexed on 2010/03/24 12:33 UTC
Read the original article Hit count: 321

Filed under:

ASP.NET

|

sql-injection

|

vb.net

I have re-written my code after great help from some friendly stack overflow members (big thanks to Martin B and Kev Chadders especially). I would now like to check if my code is still open to SQL Injections after this work. I believe the code is now working as it should, but any blinding errors that you see i'd love to hear about too. My code is now looking like:

   -code removed-

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about sql-injection

Is this query vulnerable to sql injection?

as seen on Stack Overflow - Search for 'Stack Overflow'
$myq = sprintf("select user from table where user='%s'", $_POST["user"]); I would like to know if the above query can be exploited using SQL injection. Is there any advanced SQL injection technique that could break sprintf for this particular query? >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
Database Activity Monitoring Part 2 - SQL Injection Attacks

as seen on SQL Server Central - Search for 'SQL Server Central'
If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted… >>> More
SQL Server SQL Injection from start to end

as seen on SQL Team - Search for 'SQL Team'
SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal… >>> More