Limiting SQL injection in SQL Server 2005

Tags:
ASP
SQL injection
SQL Server 2005
I have a site in ASP and on the back-end in SQL Server 2005, but I keep finding SQL injection on my site. Is there code that will prevent SQL injection from getting onto my site?
ASKED: September 9, 2008  7:39 PM
UPDATED: March 26, 2012  4:20 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Check your input always! Make sure the input is not garbage and it is what is expected. Remember <b>GIGO</b>! See these articles:

<a href=”http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx”>CodeProject</a>
<a href=”http://www.wwwcoder.com/main/parentid/258/site/2966/68/default.aspx”>WWWCoder</a>
<a href=”http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci884696,00.html”>SearchSecurity</a>
If you have never heard of <a href=”http://www.4guysfromrolla.com/webtech/061902-1.shtml”>4GuysFromRolla</a>… then be sure to spend some time on their site.

Here is an article on securing your system from<a href=”http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1318837,00.html”> SQL injection</a>.

The basic jist of all these articles will be that you need to verify the input prior to the data getting into the database. Once the values are into the database the SQL Server can’t do much to make sure that the data is valid. It needs to be validated before the data gets into the database. The article above on SearchSQLServer.com shows some sample .NET code on how to prevent the bad code from getting into your database.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following