Sample validation code for SQL injection attack

ss
Hi,

Can anybody give me sample code where the SQL injection attack is
validated?

How can I do that in the business logic layer and pass the error to the
presentation tier?

I want the sample code.

Thanks,
bye
ss
May 5 '06 #1
If your code is safe from SQL injections, an attempt to do one shouldn't
result in an error message, as it doesn't cause any error.

The easiest way to prevent SQL injections is to use parameterized
queries. That way the command object takes care of encoding the values
correctly.

Additional security can be achieved by only using stored procedures in
the queries, and limiting the database user to only have permission to run
stored procedures. That way it's not even possible to execute an SQL
query using the connection.

ss wrote:
> Hi,
>
> Can anybody give me sample code where the SQL injection attack is
> validated?
>
> How can I do that in the business logic layer and pass the error to the
> presentation tier?
>
> I want the sample code.
>
> Thanks,
> bye
> ss

May 5 '06 #2
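
An added example, not code from any poster in this thread: a three-tier sketch in Python, with sqlite3 standing in for the database and its command object, in which the data access layer binds values as parameters, the business layer enforces a user-name rule and raises an error, and the presentation tier reports it. The table, the function names, the user-name rule and the sample input are assumptions made for the illustration.

```python
import re
import sqlite3

class ValidationError(Exception):
    """Business-rule failure whose message is safe to show to the user."""

# Data access layer: the value is bound as a parameter, never spliced into SQL.
def find_user(conn, username):
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()

# 'Before' form, for contrast only: the value becomes part of the SQL text.
def find_user_concatenated(conn, username):
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()

# Business logic layer: enforce what a user name may look like (assumed rule).
USERNAME_RULE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def lookup_user(conn, username):
    if not USERNAME_RULE.fullmatch(username):
        raise ValidationError("user name may contain only letters, digits, '_', '.', '-'")
    return find_user(conn, username)

# Presentation tier: report the outcome without exposing database details.
def handle_request(conn, username):
    try:
        row = lookup_user(conn, username)
    except ValidationError as exc:
        return f"Invalid input: {exc}"
    return f"Found user #{row[0]}" if row else "No such user"

def make_sample_db():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    return conn

if __name__ == "__main__":
    db = make_sample_db()
    probe = "x' OR '1'='1"  # constructed input containing SQL syntax
    print(find_user_concatenated(db, probe))  # a row comes back: the query was rewritten
    print(find_user(db, probe))               # no row and no error: treated as data
    print(handle_request(db, probe))          # rejected by the business rule
    print(handle_request(db, "alice"))
```

The business-layer check expresses what a valid user name is; the protection against injection comes from the parameter binding in the data access layer, which holds even for input the rule would have let through.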
You must also ensure that your stored procs are safe from injection. A lot
of the search examples in this newsgroup are not safe.

-- bruce (sqlwork.com)
"Göran Andersson" <gu***@guffa.com> wrote in message
news:Ot**************@TK2MSFTNGP03.phx.gbl...
> If your code is safe from SQL injections, an attempt to do one shouldn't
> result in an error message, as it doesn't cause any error.
>
> The easiest way to prevent SQL injections is to use parameterized queries.
> That way the command object takes care of encoding the values correctly.
>
> Additional security can be achieved by only using stored procedures in the
> queries, and limiting the database user to only have permission to run stored
> procedures. That way it's not even possible to execute an SQL query using
> the connection.

May 5 '06 #3
ss
Hi,
I asked for sample code to validate SQL injection in the business
logic layer and data access layer.

I knew these things, like what to do against an SQL injection attack.

All that I wanted is validation logic in the BLL & DAL.

bye
ss

"bruce barker (sqlwork.com)" wrote:
> You must also ensure that your stored procs are safe from injection. A lot
> of the search examples in this newsgroup are not safe.
>
> -- bruce (sqlwork.com)

May 10 '06 #4
What do you mean by validating an SQL injection attack, then?

ss wrote:
> Hi,
> I asked for sample code to validate SQL injection in the business
> logic layer and data access layer.
>
> I knew these things, like what to do against an SQL injection attack.
>
> All that I wanted is validation logic in the BLL & DAL.
>
> bye
> ss

May 10 '06 #5
