I have an application which is prone to SQL injection. While forming the queries, it's taking inputs directly from the controls or query string etc.

Now I have to remove the risk of sql injection from the whole application. I know there are two ways to do that:

1. make the query parameterized
2. or make the stored procedures

But the problem is that there are around 12000 instances where I have to make the changes if I follow either of the above two methods.

My question here is:

Is there any other way to do this when the instance count is too big?
Posted 7-Feb-13 18:12pm
Rahul Dhoble 8-Feb-13 0:16am
There is no such functionality available.
You have to make it manually.
Sunny Rajpoot 8-Feb-13 0:25am

I mean to say, is there any other way so that I can reduce the effort? I mean at the database side or somewhere else.

Solution 1

You can "Filter Input And Escape Output".

That means you need to be 100% sure of what you are saving to your database by proper validations and restrictions while storing the data.

Refer to:
1. Hack-Proofing Your ASP.NET Applications
2. Securing Your ASP.NET Applications

But still, I suggest you go for parameterized queries and stored procedures.
It will take time to build, but will secure your application for sure.


Solution 2

You are right that it is a terrible amount of stupid work to do. I know that myself: I changed all our code from simple string concatenation to parameterized queries...
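The change both solutions recommend (string concatenation replaced by parameterized queries, or by stored procedures called with parameters), shown as an added example in C#/ADO.NET that is not part of the original question or answers. The table name `Users`, its columns, the procedure name `dbo.GetUser`, and the connection string are assumptions made for illustration. The `Query` helper at the end is one way to shrink the per-call-site edit that the question says must be repeated thousands of times: each site keeps its SQL text but passes its values as a dictionary instead of splicing them into the string.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the original post. Assumes a SQL Server
// database with a Users(UserName, Email) table and a dbo.GetUser procedure;
// all of these names are assumptions for illustration.
public static class UserRepository
{
    private const string ConnectionString = "<connection string placeholder>";

    // BEFORE: the pattern described in the question. The value arrives from a
    // control or the query string and is pasted into the SQL text, so the
    // database parser cannot distinguish the data from the command.
    public static DataTable FindUserUnsafe(string userName)
    {
        string sql = "SELECT UserName, Email FROM Users WHERE UserName = '" + userName + "'";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // AFTER (option 1 in the question): the same query, parameterized. The SQL
    // text is a constant; the value is sent separately as a typed parameter
    // and is never parsed as SQL, whatever characters it contains.
    public static DataTable FindUser(string userName)
    {
        const string sql = "SELECT UserName, Email FROM Users WHERE UserName = @UserName";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            // Explicit type and length: matches the column, keeps the plan cache stable.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // AFTER (option 2 in the question): a stored procedure. This only helps
    // when it is invoked with CommandType.StoredProcedure and parameters, as
    // here. Building "EXEC dbo.GetUser '" + userName + "'" as text would be
    // just as injectable as the unsafe version above, and a procedure that
    // itself concatenates its argument into dynamic SQL is injectable too.
    public static DataTable FindUserViaProc(string userName)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand("dbo.GetUser", conn)) // assumed procedure name
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // Effort reducer for a large code base: one central method that takes the
    // SQL (or procedure name) plus a dictionary of parameter values. A call
    // site that used to read
    //   Run("SELECT ... WHERE UserName = '" + name + "'")
    // becomes
    //   Query("SELECT ... WHERE UserName = @UserName", new Dictionary<string, object> { { "@UserName", name } })
    // AddWithValue infers the SQL type from the .NET type; where a column's
    // exact type or length matters, use the explicit Parameters.Add form above.
    public static DataTable Query(string sqlOrProcName,
                                  IDictionary<string, object> args,
                                  CommandType type = CommandType.Text)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sqlOrProcName, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = type;
            foreach (var kv in args)
                cmd.Parameters.AddWithValue(kv.Key, kv.Value ?? DBNull.Value);
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

The helper does not remove the need to visit every call site, which is the effort the question is about; what it removes is the boilerplate at each site, so the edit becomes "move the value out of the string and into the dictionary". Parameters can only carry values, not identifiers: a table or column name chosen at runtime still has to be checked against a fixed allow-list before it is placed in the SQL text.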
