Click here to Skip to main content
15,569,644 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
While providing security to web applications we are avoiding special characters inputs from GUI.
But any client want to allowed the special characters in some fields then how to handle special characters validations.

I'm assuming you are talking about preventing SQL injection by stopping users typing their user name as

max;delete from customer;

for example?

But then a customer of yours comes along and wants to enter a lit of items separated by semi-colons?

Essentially you just need to make sure you aren't vulnerable to injection attacks regardless of the text entered.

Don't build your SQL strings by concatenation, for example.

Use stored procedures rather than direct SQL (a matter of preference)

Use parameterised queries

Utilise a database user that does not have access to tables directly (i.e. only through SP and Views)
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900