SQL Injection prevention
Posted
by simonsabin
on SQL Blogcasts
See other posts from SQL Blogcasts
or by simonsabin
Published on Fri, 14 May 2010 08:31:58 GMT
Indexed on
2010/05/14
8:56 UTC
Read the original article
Hit count: 289
Filed under:
Just asking people not to use a list of certain words is not prevention from SQL Injection https://homebank.sactocu.org/UA2004/faq-mfa.htm#pp6 To protect yourself from SQL Injection you have to do 1 simple thing. Do not build your SQL statements by concatenating values passed by the user into a string an executing them. If your query has to be dynamic then make sure any values passed by a user are passed as parameters and use sp_executesql in TSQL or a SqlCommand object in ADO.Net...(read more)
© SQL Blogcasts or respective owner