Prevention from SQL Injection attack in ASP.NET

December 15, 2014 0 Comments

In myPrevious article, we have already learn about SQL injection attack. We saw that if we use Text Box for retrieving data from the database then other queries also perform with the same database. So, Microsoft provide, Parameterized query for DML and DQL statements. Like
Replace this statement with the parameterized query

Direct Interface with TextBox (SQL Injection Attack Possible)

cmd.CommandText = "Select * from [TableName] where name='"+TextBox1.Text+"'";

Resolve this problem by the parameterized query

cmd.CommandText = "Select * from [TableName] where name=@name1";

Now that video give more clearance :   

Bill Smithwick

Some say he’s half man half fish, others say he’s more of a seventy/thirty split. Either way he’s a fishy bastard. Google