C# SQL Injection Detection – Especially for Legacy .NET Code

7 Mar 2020 | MIT | 7 min read
The benefit of this approach is that you can then regularly scan your entire code base for the use of .ExecuteReader and .ExecuteNonQuery knowing that there should be no cases of those methods, other than the exception cases you expect.
The primary technique I recommend in this article for adding SQL Injection detection into your application is to stop using the .ExecuteReader and .ExecuteNonQuery methods. Instead, use the Decorator pattern to create your own method to be called in place of those two, and that method will include code to do some SQL Injection detection.
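
An added example, not code from the article: one possible shape for the replacement methods, written as C# extension methods on IDbCommand. The names SqlGuard, ExecuteReaderChecked, ExecuteNonQueryChecked and SqlInjectionSuspectedException, and the detection regex itself, are assumptions chosen for illustration.

```csharp
using System;
using System.Data;
using System.Text.RegularExpressions;

// Hypothetical exception type raised when a command looks tampered with.
public sealed class SqlInjectionSuspectedException : Exception
{
    public SqlInjectionSuspectedException(string reason) : base(reason) { }
}

// Hypothetical wrapper class; call its methods instead of the ADO.NET originals.
public static class SqlGuard
{
    // Assumed heuristics: comment markers, a second statement after ';',
    // UNION SELECT, and tautologies such as OR 1=1 or OR '1'='1'.
    private static readonly Regex Suspicious = new Regex(
        @"(--|/\*|;\s*\S|\bunion\b\s+(all\s+)?\bselect\b|\bor\b\s+'?\d+'?\s*=\s*'?\d+)",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static void Inspect(IDbCommand cmd)
    {
        // A stored procedure call carries only a procedure name; skip it.
        if (cmd.CommandType != CommandType.Text) return;

        string sql = cmd.CommandText ?? string.Empty;
        Match m = Suspicious.Match(sql);
        if (m.Success)
            throw new SqlInjectionSuspectedException(
                "Suspicious SQL fragment '" + m.Value + "' at offset " + m.Index);
    }

    // Use in place of cmd.ExecuteReader().
    public static IDataReader ExecuteReaderChecked(this IDbCommand cmd)
    {
        Inspect(cmd);
        return cmd.ExecuteReader();
    }

    // Use in place of cmd.ExecuteNonQuery().
    public static int ExecuteNonQueryChecked(this IDbCommand cmd)
    {
        Inspect(cmd);
        return cmd.ExecuteNonQuery();
    }
}
```

With every call site moved to the checked methods, a search of the code base for `.ExecuteReader(` and `.ExecuteNonQuery(` should match only this file and the exception cases you expect. The regex is a heuristic over the final command text, so expect to tune it against your own legitimate queries.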

License

This article, along with any associated source code and files, is licensed under The MIT License


Written By
Software Developer (Senior) Kraft Software LLC
United States
Rob Kraft is an independent software developer for Kraft Software LLC. He has been a software developer since the mid 80s and has a Master's Degree in Project Management. Rob lives near Kansas City, Missouri.
