I have an application which is prone to SQL injection. While forming the queries, it's taking inputs directly from the controls or query string, etc.
Now I have to remove the risk of SQL injection from the whole application. I know there are two ways to do that:
1. make the query parameterized
2. or make the stored procedures
But the problem is that there are around 12000 instances where I have to make the changes if I follow either of the above two methods.
My question here is:
Is there any other way to do this when the instance count is too big?
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)