Monday, December 15, 2014

Prevention from SQL Injection attack in ASP.NET

5:58 PM, Monday, December 15, 2014
In my previous article, we have already learned about the SQL injection attack. We saw that if the value of a text box is concatenated directly into the query used to retrieve data from the database, other queries can be made to execute against the same database. To prevent this, Microsoft provides parameterized queries for DML and DQL statements, like the example below.
Replace the string-concatenated statement with a parameterized query:

Direct concatenation of the TextBox value into the query (SQL injection attack possible):

cmd.CommandText = "Select * from [TableName] where name='"+TextBox1.Text+"'";

Resolve this problem with a parameterized query:

// The value is sent to SQL Server as a parameter, never spliced into the SQL text
cmd.CommandText = "Select * from [TableName] where name=@name1";
cmd.Parameters.AddWithValue("@name1", TextBox1.Text);
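As an added example (not code from the original post), here is the same idea carried through a complete ADO.NET method. It assumes a hypothetical table [Customers] with an NVARCHAR(100) column [Name] and a connection string supplied by the caller; it uses an explicitly typed parameter instead of AddWithValue so that the type and length do not have to be inferred from the .NET value.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original post. Assumes a table [Customers]
// with an NVARCHAR(100) column [Name]; both names are hypothetical.
public static class CustomerRepository
{
    // Every user-supplied value travels as a typed parameter, never as SQL text.
    public static List<string> FindByName(string connectionString, string name)
    {
        var results = new List<string>();

        // Table and column names are fixed in code: identifiers cannot be
        // parameterized, so they must never be built from user input.
        const string sql = "SELECT [Name] FROM [Customers] WHERE [Name] = @name";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declaring type and length explicitly avoids the inference done by
            // AddWithValue, which can cause implicit conversions against the
            // column type and a separate cached plan per distinct input length.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader.GetString(0));
            }
        }
        return results;
    }
}
```

Called from the page handler as CustomerRepository.FindByName(connectionString, TextBox1.Text), the text box content is treated purely as data: a quote character or an extra statement inside it is compared as a literal name value and is never parsed as SQL.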

The video below explains this in more detail:
