sql injection in asp.net C#

Question

1.00/5 (4 votes)

See more:

Hi ! i want an exaple like this :

http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx[^]

but i need this code for asp.net C#
its not for new vesion ...
can U help me ? or on Exam ??

Posted 9-Aug-14 18:16pm

‫محم د‬‎

Add a Solution

Comments

Bernhard Hiller 11-Aug-14 3:04am

Are you crazy? That blog is a pure WTF. Do not use that crap, any hacker will not have any problems to hack your site.

2 solutions

Solution 2

Command parameters are the safest way to avoid SQL Injection.

Posted 9-Aug-14 19:55pm

Abhinav S

Comments

‫محم د‬‎ 10-Aug-14 2:06am

I need A class
in class filter the character like : join , delete , ...
and include that class in all page ! example this link
http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2014-08-09T18:32:00

Solution 1

Please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].

This is how it works: http://xkcd.com/327[^] :-).

Use http://msdn.microsoft.com/en-us/library/ff648339.aspx[^].

—SA

Posted 9-Aug-14 18:32pm

Sergey Alexandrovich Kryukov

Comments

Thanks7872 10-Aug-14 0:44am

Clear enough. +5

Sergey Alexandrovich Kryukov 10-Aug-14 1:49am

Thank you, Rohan.
—SA

‫محم د‬‎ 10-Aug-14 1:31am

no ! in there Use store proc on parameter ...
i want use filter like that link ! but that in asp calssic

Sergey Alexandrovich Kryukov 10-Aug-14 1:50am

Not clear what you are talking about. Didn't I answer your question? What's "no"?
—SA

Abhinav S 10-Aug-14 1:54am

5 for the XKCD.

Sergey Alexandrovich Kryukov 10-Aug-14 2:22am

Thank you, Abhinav.
—SA

‫محم د‬‎ 10-Aug-14 2:03am

I need A class
in class filter the character like : join , delete , ...
and include that class in all page ! example this link
http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx

Thanks7872 10-Aug-14 11:23am

No one will be going to teach you. You have already been advised how to proceed.

Sergey Alexandrovich Kryukov 10-Aug-14 13:44pm

Wrong approach. You should no filter those characters. Probably you did not understand correct solution. Please read my answer again and try to understand.
—SA