Prevention from SQL Injection attack in ASP.NET

In myPrevious article, we have already learn about SQL injection attack. We saw that if we use Text Box for retrieving data from the database then other queries also perform with the same database. So, Microsoft provide, Parameterized query for DML and DQL statements. Like
Replace this statement with the parameterized query

Direct Interface with TextBox (SQL Injection Attack Possible)

cmd.CommandText = "Select * from [TableName] where name='"+TextBox1.Text+"'";

Resolve this problem by the parameterized query

cmd.CommandText = "Select * from [TableName] where name=@name1";
cmd.Parameter.AddWithValue("@name1",TextBox1.Text);

Now that video give more clearance :   

Comments

Popular posts from this blog

difference between structure and union in C Language

Difference between Linear search and Binary Search in c language

Difference between static and dynamic websites