Tags: C#4.0
I have an application which is prone to SQL injection. While forming the queries, it's taking inputs directly from the controls or query string etc.
Now I have to remove the risk of SQL injection from the whole application. I know there are two ways to do that:
1. make the queries parameterized
2. or use stored procedures

But the problem is that there are around 12,000 instances where I have to make the changes if I follow either of the above two methods.
My question here is:
Is there any other way to do this when the instance count is so big?
Posted 7-Feb-13 19:12pm
Rahul Dhoble at 8-Feb-13 0:16am
There is no such functionality available.
You have to make it manually.
Sunny Rajpoot at 8-Feb-13 0:25am
I mean to say, is there any other way so that I can reduce the effort? I mean at the database side or somewhere else.
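Added example, not code from the original question or its comments: the two routes the question names, side by side in C#. The first method shows the concatenation pattern the question describes; the second shows the same lookup parameterized through a small helper so each of the call sites becomes a one-line change. The table and column names (Users, Id, Email, UserName), the connection string, and the helper names Db.Query and Db.Text are assumed for illustration.

```csharp
// Added example, not from the original post. Table/column names and the
// Db helper are assumed for illustration.
using System;
using System.Data;
using System.Data.SqlClient;

public static class Db
{
    // One call per site: the SQL text stays a constant, values travel as
    // SqlParameters, so the server never parses user input as SQL.
    public static DataTable Query(string connectionString, string sql, params SqlParameter[] parameters)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.AddRange(parameters);
            var table = new DataTable();
            connection.Open();
            using (var reader = command.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }

    // Typed string parameter. Giving SqlDbType and size explicitly avoids the
    // per-length plan-cache variants that AddWithValue's inferred sizes create.
    public static SqlParameter Text(string name, string value, int size)
    {
        var parameter = new SqlParameter(name, SqlDbType.NVarChar, size);
        parameter.Value = (object)value ?? DBNull.Value;
        return parameter;
    }
}

public static class UserLookup
{
    // BEFORE: the pattern the question describes. A control or query-string
    // value is pasted into the statement, so an input such as
    //   ' OR 1=1 --
    // rewrites the WHERE clause instead of being compared as a name.
    public static string VulnerableSql(string userName)
    {
        return "SELECT Id, Email FROM Users WHERE UserName = '" + userName + "'";
    }

    // AFTER: same lookup, parameterized. The input is bound as data; no
    // escaping or filtering of the value is involved or needed.
    public static DataTable FindUser(string connectionString, string userName)
    {
        return Db.Query(connectionString,
            "SELECT Id, Email FROM Users WHERE UserName = @UserName",
            Db.Text("@UserName", userName, 256));
    }
}
```

Two caveats worth keeping in mind while converting: a stored procedure is only as safe as its body, so a procedure that builds a string and runs it with EXEC(@sql) is still injectable and needs sp_executesql with parameters inside; and identifiers (table names, column names, ORDER BY columns) cannot be passed as parameters at all, so a site that takes those from the user needs a whitelist lookup rather than a parameter.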

Solution 1

You can "Filter Input And Escape Output".
That means you need to be 100% sure of what you are saving to your database, by proper validation and restrictions while storing the data.
Refer to:
1. Hack-Proofing Your ASP.NET Applications
2. Securing Your ASP.NET Applications
But still, I suggest you go for parameterized queries and stored procedures.
It will take time to build, but it will secure your application for sure.

Solution 2

You are right that it is a terrible amount of stupid work to do. I know that myself: I changed all our code from simple string concatenation to parameterized queries...
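Added example, not code from either answer: when the concern is the sheer number of sites, the first practical step is an inventory. This C# scanner flags source lines where a string literal beginning with a SQL verb is concatenated with `+` or passed to String.Format, which are the two shapes the question describes. The sample source it scans is constructed inline; the two regular expressions and the choice of verbs are assumptions and will miss multi-line concatenation and StringBuilder-built queries, so treat the output as a worklist, not a proof of absence.

```csharp
// Added example, not from the original page. The patterns and the sample
// source below are constructed for illustration.
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class ConcatSqlFinder
{
    // A string literal starting with a SQL verb, immediately followed by '+'.
    private static readonly Regex Concatenation = new Regex(
        @"""\s*(SELECT|INSERT|UPDATE|DELETE|EXEC|EXECUTE)\b[^""]*""\s*\+",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // String.Format / string.Format whose format string starts with a SQL verb.
    private static readonly Regex FormatCall = new Regex(
        @"String\.Format\s*\(\s*""\s*(SELECT|INSERT|UPDATE|DELETE|EXEC|EXECUTE)\b",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Returns one "line N: text" entry per suspicious line of source.
    public static List<string> Find(string source)
    {
        var hits = new List<string>();
        var lines = source.Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            var line = lines[i].TrimEnd('\r');
            if (Concatenation.IsMatch(line) || FormatCall.IsMatch(line))
            {
                hits.Add(string.Format("line {0}: {1}", i + 1, line.Trim()));
            }
        }
        return hits;
    }

    public static void Main()
    {
        // Constructed sample standing in for the contents of a .cs file.
        // Lines 1-3 are the shapes to convert; lines 4-5 are already safe
        // (a parameterized command) or not SQL at all.
        const string sample =
@"string sql = ""SELECT * FROM Users WHERE Name = '"" + txtName.Text + ""'"";
cmd.CommandText = ""DELETE FROM Orders WHERE Id = "" + Request.QueryString[""id""];
cmd.CommandText = String.Format(""UPDATE Users SET Email = '{0}' WHERE Id = {1}"", email, id);
var safe = new SqlCommand(""SELECT * FROM Users WHERE Name = @name"", conn);
string greeting = ""Hello "" + userName;";

        foreach (var hit in Find(sample))
        {
            Console.WriteLine(hit);
        }
    }
}
```

Run it over every .cs file in the solution (Directory.EnumerateFiles with "*.cs" and File.ReadAllText feeding Find) and the result is the list of sites to convert, grouped by file. Pair the list with the database-side check that matters most: the application's login should have no more than the table permissions it needs, so that whatever is still concatenated while the conversion is in progress cannot reach DROP or xp_cmdshell.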

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
Last Updated 8 Feb 2013
Copyright © CodeProject, 1999-2014