SQL Injection Validation

5 pts.
Tags: SQL injection, SQL Injection Validation, SQL Server Data Validation
HOW CAN I USE VALIDATION CODES IN ORDER TO AVOID SQL INJECTION IN MY WEB SERVER? I MEAN, EVERYBODY KNOWS THAT HTML MODIFICATION IS VERY EASY, SO DO I HAVE TO USE WEB SERVICES TO DO THIS OR GET ANOTHER APP?
ASKED: July 9, 2009  4:01 PM
UPDATED: July 29, 2009  6:48 PM

Answer Wiki


At the very basic level, check the values that the user submits before you send them to the SQL Server and remove any single quotes and semi-colons. You may want to look at this article as well: http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1318837,00.html

SQL injection is usually an issue when dynamic SQL is being used in the Stored Procedures. You can parameterize the queries and use the MSSQL procedure sp_executesql to run the query. This will protect against any SQL injection. If you are creating your statement on the fly (i.e. set @vs_sql = 'Select something from table where field = ' + @field) then you will have issues. This isn't the recommended way of writing the query.
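
The two forms the answer contrasts, written out as T-SQL stored procedures. This is an added example, not code from the original answer; the table dbo.Customers, its columns, the procedure names and the parameter @p_LastName are hypothetical.

```sql
-- Hypothetical table used only for this example.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL
);
GO

-- Concatenated form, as in "set @vs_sql = '...' + @field":
-- the value of @LastName becomes part of the statement text itself.
CREATE PROCEDURE dbo.FindCustomer_Concat
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @vs_sql NVARCHAR(400);
    SET @vs_sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
                + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@vs_sql);
END;
GO

-- Parameterized form: the statement text is a constant, and sp_executesql
-- binds the value as a typed parameter, so it is never parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Param
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @vs_sql NVARCHAR(400);
    SET @vs_sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
                + N'WHERE LastName = @p_LastName';
    EXEC sp_executesql
         @vs_sql,
         N'@p_LastName NVARCHAR(50)',   -- parameter definition list
         @p_LastName = @LastName;       -- value passed separately from the text
END;
GO

-- Constructed sample rows. A legitimate surname containing an apostrophe is
-- enough to show the difference: the parameterized procedure treats it as
-- data, while in the concatenated procedure the apostrophe ends the string
-- literal early and the rest of the value is parsed as statement text.
INSERT INTO dbo.Customers (LastName) VALUES (N'O''Brien'), (N'Smith');
GO

EXEC dbo.FindCustomer_Param  @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Concat @LastName = N'O''Brien';
```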
