Need a Solution For SQL INJECTION

Question

1.00/5 (2 votes)

See more:

My Database was attacked by Sql Injetion.It makes lot of problem.
please Tell me how to stop Sql Injection attacks.
Thanks!..

Posted 21-Mar-13 18:46pm

Maddy selva

Add a Solution

Comments

Hedi Naily 22-Mar-13 4:50am

Google is your best friend, you should try it yourself then come back with concrete problems

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

bbirajdar · Answer 1 · 2013-03-21T18:50:00

This is a basic question. Did you try google first ?
Here are the solutions-
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html[^]
and
more here[^]

lewax00 · Answer 2 · 2013-03-21T18:50:00

You need to make sure your input is properly escaped, and the easiest way is to use parameters, see this question on SO:
http://stackoverflow.com/questions/6547986/how-to-prevent-a-sql-injection-escaping-strings[^]

For a little more in depth information, check out this article:
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]

sunil mali · Answer 3 · 2013-03-21T20:43:00

Solution 3

You should start using stored procedure,
and you should start sending parameters to your stored procedure....
It looks like you are not using sp's.

Posted 21-Mar-13 20:43pm

sunil mali

Deependra Khangarot · Answer 4 · 2013-03-21T22:01:00

CSS

Never trust user input - Validate all textbox entries using validation controls, regular expressions, code, and so on

Never use dynamic SQL - Use parametrized SQL or stored procedures

Never connect to a database using an admin-level account - Use a limited access account to connect to the database

Don't store secrets in plain text - Encrypt or hash passwords and other sensitive data; you should also encrypt connection strings

Exceptions should divulge minimal information - Don't reveal too much information in error messages; use customErrors to display minimal information in the event of unhandled error; set debug to false

For more information please follow below link:

SQL-Injection-Attacks-and-Some-Tips-on-How-to-Prev

Need a Solution For SQL INJECTION

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0