Concerning your article on sql injection

by the3factory 5/10/2008 7:55:00 PM
Question:

You have code related to all versions except ASP.NET 3.5 ...

Will the code for 2.0 work for it?

Thanks.


Answer1:

I'd be interested in seeing this article.  Since I haven't read it, I can't be too sure, but as far as I know, the biggest defense against SQL Injection is the use of named parameters:

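// Requires: using System.Data.SqlClient;
queryString = "SELECT password FROM Users WHERE username=@username";
command = new SqlCommand(queryString, connection);
// The parameter name must match the @username placeholder in the query text.
// AddWithValue replaces the obsolete Parameters.Add(string, object) overload.
command.Parameters.AddWithValue("@username", usernameTB.Text);
password = Convert.ToString(command.ExecuteScalar());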
I don't believe this has changed in version 3.5. Were there any other defenses discussed? Could you post a link to the article?
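
The parameterized lookup from Answer1 next to the string-concatenated form it replaces, as an added example that is not part of the original thread. The class and method names and the NVarChar(256) column type are assumptions; the System.Data.SqlClient calls used are the same in .NET 2.0 and 3.5.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserLookupExample
{
    // "Before": the input is spliced into the SQL text, so a quote character
    // in the input changes the statement the server parses.
    public static SqlCommand BuildConcatenated(string username)
    {
        return new SqlCommand(
            "SELECT password FROM Users WHERE username='" + username + "'");
    }

    // "After": the SQL text is a constant and the input travels separately as
    // a typed parameter. The name must match the @username placeholder.
    // NVarChar(256) is an assumed column type and size.
    public static SqlCommand BuildParameterized(string username)
    {
        SqlCommand command = new SqlCommand(
            "SELECT password FROM Users WHERE username=@username");
        command.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = username;
        return command;
    }

    // Runs the parameterized lookup; returns null when no row matches.
    public static string GetPassword(string connectionString, string username)
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = BuildParameterized(username))
        {
            command.Connection = connection;
            connection.Open();
            object result = command.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : Convert.ToString(result);
        }
    }

    static void Main()
    {
        string input = "o'brien"; // constructed sample input containing a quote
        // Concatenated: the quote ends the string literal early inside the SQL text.
        Console.WriteLine(BuildConcatenated(input).CommandText);
        // Parameterized: the SQL text is unchanged; the value stays pure data.
        SqlCommand safe = BuildParameterized(input);
        Console.WriteLine(safe.CommandText);
        Console.WriteLine(safe.Parameters["@username"].Value);
    }
}
```

Main needs no database connection: it only prints the command text and parameter value, so the difference between the two forms is visible before anything is sent to the server.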

Answer2:

The article is at:  http://forums.asp.net/t/1254125.aspx
