I have a problem with a text box.

When the user writes something in the text boxes, it gets saved, but an SQL query or bad text or something is automatically injected into the database. I don't know what is happening to it. It saves false data in the database.

2. I am thinking that SQL was automatically injected by the format of the text.

Can anyone provide me a solution for it?

I can't restrict my text box for special characters.

This is why I am facing so many problems.
Posted 4-Sep-12 22:08pm
Comments
pradiprenushe at 5-Sep-12 6:36am
   
Can you give an example?
What did you try to insert & what was in the database?
Wes Aday at 5-Sep-12 14:50pm
   
How are you saving the data? Are you using parameterized queries?
syedaliaizazuddin at 6-Sep-12 0:30am
   
No bro.

Solution 2

Just use stored procedures for insert, update and select on the database.

Solution 4

Hello,
 
These articles might be able to help you identify the vulnerabilities. Make sure you sanitize the user input on the server side also; don't depend only on client-side validation (JavaScript). Using a stored procedure will not 100% shield your application from the vulnerability. It depends on how you use it. If you have a stored procedure with a dynamic query, that might be open to SQL injection as well.

http://msdn.microsoft.com/en-us/library/ff648339.aspx

SQL Injection and Cross-Site Scripting

http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET

http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx
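
The parameterized queries asked about in the comments, shown as an added example that is not part of the original thread or any poster's code: the same text is saved once by pasting it into the SQL string and once as a bound parameter, so special characters can stay allowed. It uses Python's built-in `sqlite3` so it runs offline; the table, column names and sample inputs are constructed, and in ADO.NET the equivalent is a `SqlCommand` with parameters.

```python
import sqlite3

# Constructed sample inputs: free text containing quotes and SQL-looking characters.
SAMPLES = [
    "O'Brien wrote: it's 100% \"fine\" -- really",
    "thanks', 1) --",
]

def new_db():
    # Hypothetical schema: a comment body plus a flag the user must not control.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (body TEXT NOT NULL, approved INTEGER NOT NULL)")
    return conn

def save_concatenated(conn, text):
    """'Before' form: the user's text becomes part of the SQL statement itself."""
    sql = "INSERT INTO comments (body, approved) VALUES ('" + text + "', 0)"
    conn.execute(sql)

def save_parameterized(conn, text):
    """'After' form: the SQL text is constant; the value travels as a bound parameter."""
    conn.execute("INSERT INTO comments (body, approved) VALUES (?, 0)", (text,))

def run(save):
    """Save every sample with `save`; return (rows stored, inputs that failed)."""
    conn = new_db()
    failed = []
    for text in SAMPLES:
        try:
            save(conn, text)
        except sqlite3.Error as exc:
            failed.append((text, str(exc)))
    rows = conn.execute("SELECT body, approved FROM comments ORDER BY rowid").fetchall()
    conn.close()
    return rows, failed

if __name__ == "__main__":
    for name, save in (("concatenated", save_concatenated),
                       ("parameterized", save_parameterized)):
        rows, failed = run(save)
        print(name, "stored:", rows)
        print(name, "failed:", [text for text, _ in failed])
```

With concatenation the first sample is rejected as a syntax error and the second is stored as different data than the user typed (truncated body, `approved` set to 1); with parameters both are stored character for character.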

Solution 1

Restrict all the special characters (whichever are troubling you) from being entered into the text box. You can find many JavaScript functions which can help you in restricting the special characters.
Comments
syedaliaizazuddin at 5-Sep-12 4:36am
   
I have told that I can't restrict it... mentioned above in the 2nd last line.
Thanks for your answer.
Dasaradhi_r at 5-Sep-12 4:40am
   
May I know why it is not possible? So that I will be able to understand the problem better.
syedaliaizazuddin at 6-Sep-12 0:33am
   
Because it's a company requirement... they are not allowing me to do that... I'm an intern... so that's why they are not trusting me, I think so...

If this were not the problem I would restrict all special characters; there are so many articles on special character restriction... but is there any way without restricting?

Solution 3

I agree with Jafaripur, use stored procedures and also maybe try to create a separate "Class Library" project with classes where you will create methods with your SQL statements, then call the methods in your aspx pages and see how that will work.

Solution 5

SQL injection is a kind of attack where the attacker generates malicious code and sends it into an SQL query to access the database or system.

For more, please visit:

http://cybarlab.blogspot.com/2013/02/what-is-sql-injection.html

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 5 Feb 2013