
Preventing SQL Injection Attacks in .NET Applications

by Jonathan Allen on Oct 24, 2006. Estimated reading time: less than one minute


Back in September, InfoQ reported on Michael Sutton's alarming study of SQL injection vulnerabilities. Fortunately, preventing most of them in .NET is not that hard.

SQL injection vulnerabilities are caused by applications that improperly allow users to pass commands to the database. Even simple mistakes in building a SQL command can allow attackers to do massive damage to a database.

Scott Guthrie outlines the most common vector for SQL injection attacks: string concatenation. He then goes on to show a safe method for generating dynamic SQL statements using parameterized queries. He also includes a set of links for those wanting to perform further research.
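
The difference between the two approaches, as an added ADO.NET example (not code from Scott Guthrie's post or from InfoQ): it builds the same lookup both ways and prints what each command would send, without connecting to a database. The `Authors` table, the `au_lname` column and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class AuthorLookup
{
    // Vulnerable pattern: user input is spliced into the SQL text, so any
    // quote characters in it are parsed by the server as SQL syntax.
    // (Table and column names are hypothetical.)
    public static SqlCommand BuildConcatenated(string lastName)
    {
        return new SqlCommand(
            "SELECT au_id, au_lname FROM Authors WHERE au_lname = '" + lastName + "'");
    }

    // Safe pattern: the SQL text is a constant; the input travels separately
    // as a typed parameter value and is never parsed as SQL.
    public static SqlCommand BuildParameterized(string lastName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT au_id, au_lname FROM Authors WHERE au_lname = @lastName");
        cmd.Parameters.Add("@lastName", SqlDbType.NVarChar, 40).Value = lastName;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: an ordinary name and one containing SQL syntax.
        string[] inputs = { "Ringer", "x' OR '1'='1" };

        foreach (string input in inputs)
        {
            using (SqlCommand bad = BuildConcatenated(input),
                              good = BuildParameterized(input))
            {
                Console.WriteLine("input:         " + input);
                Console.WriteLine("concatenated:  " + bad.CommandText);
                Console.WriteLine("parameterized: " + good.CommandText);
                Console.WriteLine("  @lastName =  " + good.Parameters["@lastName"].Value);
                Console.WriteLine();
            }
        }
    }
}
```

For the second input, the concatenated command text changes shape (the `WHERE` clause gains an extra condition), while the parameterized command text is identical for both inputs and only the parameter value differs.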
