.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
 
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan

Home >> Forum >> ASP.Net >> Post New QuestionBookmark and Share Subscribe to Forum

ASP.NET - SQL injection and HTML injection

Posted By: Sruthi Keerthi     Posted Date: September 18, 2009    Points:2   Category :ASP.Net
.
Hi,
Would you please let me know how to prevent SQL injection and HTML injection on an ASP.NET website?


Would you please also provide a reference document or web references (If needed).


Thanks and Regards..
Shruthi Keerthi.
.

Responses
Author: Rahul             
Posted Date: September 18, 2009     Points: 5   

Hi,

SQL injection is all about how you are building you sqlquery and querying the data from database.

SQL injection is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

Check out this articles about SQL injection and help you to build you SQL query and also how to handle SQL Injection.

http://www.securiteam.com/securityreviews/5DP0N1P76E.html



Post Reply

You must Sign In To post reply
 
 
Find more Forum Questions on C#, ASP.Net, Vb.Net, SQL Server and more Here
Quick Links For Forum Categories:
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  OOPs  SilverlightIISJQuery
JavaScript/VBScriptBiztalkWPFPatten/PracticesWCFOthers
www.DotNetSpark.comUnAnsweredAll

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend