Possible Duplicate:
What is SQL injection?
I need to know what SQL injection is and the best way to keep our database secure from it.
What technique should we follow to prevent SQL injection attacks?
SQL Injection is when a user inputs a query with actual SQL code that is passed to the database engine in order to cause havoc and execute unintended queries (most maliciously DDL statements, like DROP TABLE).
The technique to prevent SQL Injection is to use parameterized queries.
insert into YourTable
values(@FirstVal, @SecondVal)
using System.Data.SqlClient;

// Vulnerable: user-controlled text is concatenated straight into the SQL text,
// so a value such as  x'); DROP TABLE YourTable; --  becomes part of the batch.
SqlCommand SqlInjectionCandidate = new SqlCommand(string.Empty, MySqlConn);
SqlInjectionCandidate.CommandText = @"
insert into YourTable
values('" + FirstNameTextBox.Text + "', '" + LastNameTextBox.Text + "')";

// Safe: the statement text is fixed and the values are sent as parameters,
// so the engine never parses them as SQL.
SqlCommand NoSqlInjection = new SqlCommand(string.Empty, MySqlConn);
NoSqlInjection.CommandText = @"
insert into YourTable
values(@FirstCol, @SecondCol)";
NoSqlInjection.Parameters.AddWithValue("@FirstCol", YourFirstColVal);
NoSqlInjection.Parameters.AddWithValue("@SecondCol", YourSecondColVal);
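To make the difference between the two builds concrete, here is an added, runnable example (not code from the original question or answer) that drives both the concatenated INSERT and the parameterized INSERT with the same malicious "last name" and inspects the database afterwards. It uses Python's sqlite3 module so it runs offline; the table name, column names and the payload are constructed for the demonstration. SQL Server executes a SqlCommand as a batch, so the vulnerable path uses executescript() to emulate multi-statement execution (an assumption about the target driver, since sqlite3's execute() would reject the stacked statement on its own).

```python
"""Concatenated vs parameterized INSERT against the same injection payload."""
import sqlite3

# Constructed attacker input: closes the string literal and the VALUES list,
# appends a DDL statement, and comments out the remainder of the original SQL.
PAYLOAD_LAST_NAME = "x'); DROP TABLE YourTable; --"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with a table mirroring the answer's YourTable (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE YourTable (FirstName TEXT, LastName TEXT)")
    return conn


def insert_concatenated(conn: sqlite3.Connection, first: str, last: str) -> str:
    """The 'before' form: input is spliced into the SQL text.

    executescript() stands in for a SQL Server batch, where the driver happily
    runs the INSERT and then whatever the attacker appended.
    """
    sql = "INSERT INTO YourTable VALUES('" + first + "', '" + last + "');"
    conn.executescript(sql)
    return sql  # returned so the caller can see what the engine actually received


def insert_parameterized(conn: sqlite3.Connection, first: str, last: str) -> None:
    """The fix: fixed SQL text, values travel separately as bound parameters
    and are never parsed as SQL, whatever characters they contain."""
    conn.execute("INSERT INTO YourTable VALUES(?, ?)", (first, last))
    conn.commit()


def table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = 'YourTable'"
    ).fetchone()
    return row[0] == 1


def stored_rows(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT FirstName, LastName FROM YourTable").fetchall()


def demo():
    """Run both builds against the payload; return (vuln_table_survived,
    safe_table_survived, rows_stored_by_safe_build)."""
    vuln = fresh_db()
    insert_concatenated(vuln, "Alice", PAYLOAD_LAST_NAME)
    vuln_survived = table_exists(vuln)

    safe = fresh_db()
    insert_parameterized(safe, "Alice", PAYLOAD_LAST_NAME)
    safe_survived = table_exists(safe)
    safe_rows = stored_rows(safe) if safe_survived else []
    return vuln_survived, safe_survived, safe_rows


if __name__ == "__main__":
    v, s, rows = demo()
    print("concatenated build: table still exists?", v)
    print("parameterized build: table still exists?", s)
    print("parameterized build stored:", rows)
```

In the concatenated build the engine receives `INSERT ... VALUES('Alice', 'x'); DROP TABLE YourTable; --');` and obeys all of it, so the table is gone; in the parameterized build the exact same string is stored as an ordinary LastName value. Note that parameters protect values only: a table or column name taken from user input cannot be bound as a parameter and must instead be checked against an allow-list of known identifiers.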