<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Products.aspx.cs" Inherits="Products" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>View List of Products</title>
</head>
<body>
<form id="form1" runat="server">
<div>
Getting a List of Products<br />
<asp:GridView ID="GridView1" runat="server">
</asp:GridView>
To check the normal use of this page, click here (check the proper query string):
<asp:HyperLink ID="HyperLink2" runat="server" NavigateUrl="Products.aspx?userID=sampleUser">here</asp:HyperLink><br />
To check SQL injection, use this URL with the injection query string:<br />
http://localhost:1537/SQLInjectionDemo/Products.aspx?userID=' UNION SELECT 0 AS Expr1, password, userID FROM Users --<br />
<asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="Products.aspx?userID=' UNION SELECT 0 AS Expr1, password, userID FROM Users --">here</asp:HyperLink></div>
</form>
</body>
</html>
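The two links above differ only in the `userID` value, so the outcome depends entirely on how the code-behind builds its query. The following is an added example, not code from the article or its download: it runs the page's injection string against a concatenated query and a parameterized one, using an in-memory SQLite database as a stand-in for the demo's database. The `Products` table, its columns and all row values are assumptions constructed for the example; only `Users`, `userID` and `password` come from the page.

```python
import sqlite3

# Payload copied from the demo page's second link (the userID query-string value).
PAYLOAD = "' UNION SELECT 0 AS Expr1, password, userID FROM Users --"


def make_db():
    """Build constructed sample data. The Products schema is an assumption;
    it has three columns because the page's UNION SELECT supplies three."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Users (userID TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE Products (productID INTEGER, name TEXT, userID TEXT);
        INSERT INTO Users VALUES ('sampleUser', 'constructed-pw-1'),
                                 ('admin', 'constructed-pw-2');
        INSERT INTO Products VALUES (1, 'Widget', 'sampleUser'),
                                    (2, 'Gadget', 'admin');
    """)
    return db


def products_concatenated(db, user_id):
    # Vulnerable form: the query-string value becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT productID, name, userID FROM Products "
           "WHERE userID = '" + user_id + "'")
    return db.execute(sql).fetchall()


def products_parameterized(db, user_id):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    sql = "SELECT productID, name, userID FROM Products WHERE userID = ?"
    return db.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", products_concatenated),
                      ("parameterized", products_parameterized)):
        print(label, "normal :", fn(db, "sampleUser"))
        print(label, "payload:", fn(db, PAYLOAD))
```

With the concatenated query the grid would be filled with rows from `Users`; with the bound parameter the same input matches no `userID` and returns nothing. In the ASP.NET code-behind the equivalent change is a `SqlCommand` with a `@userID` parameter instead of string concatenation.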
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
I started my Programming career with C++. Later got a chance to develop Windows Form applications using C#. Currently using C#, ASP.NET & ASP.NET MVC to create Information Systems, e-commerce/e-governance Portals and Data driven websites.
My interests involve Programming, Website development and Learning/Teaching subjects related to Computer Science/Information Systems. IMO, C# is the best programming language and I love working with C# and other Microsoft Technologies.
If you like my articles, please visit my website for more: www.rahulrajatsingh.com