 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / March 2008SQL Injection detection
Besides parameterizing SQL or using Stored Procedures, is there any reliable way to test if a string has an SQL Injection attack. ...For example, can one use the same method ADO uses when examining parameters to detect SQL Injection? You can run regex, but you have to be careful that the things you are looking for. Generally things like: ' or userName is not null -- You can find the patterns, but what if the pattern is legal in a string? You then throw out things that are valid. Better to parameterize.  SignatureGregory A. Beamer MVP, MCP: +I, SE, SD, DBA ************************************************* | Think outside the box! ************************************************* > Besides parameterizing SQL or using Stored Procedures, is there any > reliable way to test if a string has an SQL Injection attack. ...For > example, can one use the same method ADO uses when examining > parameters to detect SQL Injection?
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.