Check for sql injection

Question

2.33/5 (6 votes)

See more:

Does anyone have an idea that how could I check for a website programmatically that whether it is susceptible to sql-injection or not. Any help or suggestions will be appreciated.

[EDIT]: I have to check programatically that any url name provided to my application, has sql injection susceptibility or not. I always use parameterized queries(to avoid such sort of issue), but the task is to check it for all and any url's provided for other websites. This is the service we need to provide to our customers through our application. I hope this is more clear now.

I want to create a service like one provided in the link below:

See this[^]

Thanks and Regards.
Anurag

Posted 5-Dec-10 19:56pm

@nuraGGupta@

Updated 5-Dec-10 22:31pm

v3

Add a Solution

Comments

Toli Cuturicu 6-Dec-10 3:36am

You seem dangerous to me.

@nuraGGupta@ 6-Dec-10 3:50am

@Toli Cuturicu: You just shut up, and try to understand the problem better before providing your feedback. Didn't you got to read the question completely? I said it programatically (the problem lies there), and I guess you have never done any such sort of work, so please keep yourself out of this.

Dalek Dave 6-Dec-10 4:21am

You think being rude will prove helpful?

@nuraGGupta@ 6-Dec-10 4:27am

Yes, that will not be in any case, but was this justified to provide such a comment without even reading the question properly. No offenses from my side.

Ankur^\m/ 6-Dec-10 4:39am

I found Toli's comment humorous rather than rude.
This is not the way you talk to someone in a public forum. Please be polite.

@nuraGGupta@ 6-Dec-10 4:42am

But "humour" doesn't comes with a single vote. I don't have any problem with the single vote. But the comment along with that was mixing up the things.

@nuraGGupta@ 6-Dec-10 4:44am

Anyways, deep apologies from me, if you find me wrong. I dont want to hurt anyone at all.

@nuraGGupta@ 6-Dec-10 5:31am

When the question is not framed correctly they say to make it readable, when it is framed readable, they simply don't read it proper.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

thatraja · Accepted Answer · 2010-12-05T20:15:00

Solution 1

Sounds like you want to do somewhere :rolleyes: Ok just change your question & now you can get the following links in CP.

SQL injection attacks[^]

SQL Injection Attacks and Some Tips on How to Prevent Them[^]

So now you can test yourself.

Got it here you go.

URL Encryption in ASP.NET[^]

Posted 5-Dec-10 20:15pm

thatraja

Updated 5-Dec-10 22:01pm

v2

Comments

@nuraGGupta@ 6-Dec-10 2:19am

oh thanks, I will check them. No I am not trying to do it. I need to implement it for my inhouse project.

thatraja 6-Dec-10 2:22am

ok. Particularly use sql command with parameters to data manipulation which will reduce the issues.

@nuraGGupta@ 6-Dec-10 3:46am

Oh,now I got to know why I got one vote for my question, as the univoter didn't understood my question. I know this, but I have to check programatically that any url name provided to my application, has sql injection susceptibility or not. I always use parameterized queries, but the task is to check it for all and any url's provided for other websites. This is the service we need to provide to our customers. I hope this is more clear now.

thatraja 6-Dec-10 3:57am

Ok, for your requirement you can use encrypted urls which will help you to restrict the hackers. I counter vote your question because it's really a good one. I'll update my answer quickly so check it later.

thatraja 6-Dec-10 4:02am

check my updated answer.

@nuraGGupta@ 6-Dec-10 4:04am

I didn't get it. How can I use encrypted URL's for the customer's URL, they are just providing the URL to me. Please visit the link given below:

http://hackertarget.com/free-sql-scan/

I need to create something like the service provided here.

BTW, thanks a lot for countering the vote. :)

thatraja 6-Dec-10 4:14am

Oh..oh..oh...only now I got your requirement. But I think it's a big process. But if you get any api from that site(which you have mentioned in your comment(hackertarget.com)) then it's possible by creating a service.

@nuraGGupta@ 6-Dec-10 4:19am

ok thanks. I am happy that you got it correct now. Now, I am going to tell my boss that it's completely impossible(programatically) [;-)]. Just to see his reaction.

Dalek Dave 6-Dec-10 4:21am

Good Links.

thatraja 6-Dec-10 4:28am

Welcome. Yeah the API will be costly.