Prevention from SQL Injection attack in ASP.NET

In myPrevious article, we have already learn about SQL injection attack. We saw that if we use Text Box for retrieving data from the database then other queries also perform with the same database. So, Microsoft provide, Parameterized query for DML and DQL statements. Like
Replace this statement with the parameterized query

Direct Interface with TextBox (SQL Injection Attack Possible)

cmd.CommandText = "Select * from [TableName] where name='"+TextBox1.Text+"'";

Resolve this problem by the parameterized query

cmd.CommandText = "Select * from [TableName] where name=@name1";
cmd.Parameter.AddWithValue("@name1",TextBox1.Text);

Now that video give more clearance :   

Prevention from SQL Injection attack in ASP.NET Prevention from SQL Injection attack in ASP.NET Reviewed by Bill Smithwick on December 15, 2014 Rating: 5

No comments