Sample validation code for SQL injection attack

ss
Hi,

Can anybody give me sample code where the SQL injection attack is
validated?

How can I do that in the business logic layer and pass the error to the
presentation tier?

I want the sample code.

Thanks,
bye
ss
May 5 '06 #1
If your code is safe from SQL injections, an attempt to do one shouldn't
result in an error message, as it doesn't cause any error.

The easiest way to prevent SQL injections is to use parameterized
queries. That way the command object takes care of encoding the values
correctly.

Additional security can be achieved by only using stored procedures in
the queries, and limiting the database user to only have permission to run
stored procedures. That way it's not even possible to execute an SQL
query using the connection.

May 5 '06 #2
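
Added example, not part of any poster's reply: a small three-tier sketch of the approach in the answer above, where the data access layer uses a parameterized query and the business logic layer raises a validation error that the presentation tier displays. Python's sqlite3 stands in for the thread's unspecified database, and every function name and sample row is constructed for illustration.

```python
import re
import sqlite3

class ValidationError(Exception):
    """Business-rule failure whose message is safe to show to the user."""

# --- Data access layer: SQL text is constant, values travel as parameters ---
def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("O'Brien", "ob@example.test"), ("Smith", "smith@example.test")],  # constructed rows
    )
    return conn

def dal_find_by_name(conn, name):
    # The ? placeholder binds the value; it is never spliced into the SQL string.
    cur = conn.execute("SELECT id, name, email FROM customers WHERE name = ?", (name,))
    return cur.fetchall()

# --- Business logic layer: enforces business rules, not SQL syntax ---
NAME_RULE = re.compile(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*")  # letters joined by space, ' or -

def bll_find_customer(conn, raw_name):
    name = (raw_name or "").strip()
    if not 1 <= len(name) <= 50:
        raise ValidationError("Name must be 1 to 50 characters long.")
    if not NAME_RULE.fullmatch(name):
        raise ValidationError("Name may contain only letters, spaces, hyphens and apostrophes.")
    return dal_find_by_name(conn, name)

# --- Presentation tier: turns the outcome into something the user sees ---
def handle_search(conn, raw_name):
    try:
        rows = bll_find_customer(conn, raw_name)
    except ValidationError as exc:
        return {"ok": False, "message": str(exc)}
    return {"ok": True, "rows": rows}

if __name__ == "__main__":
    db = open_db()
    for text in ["O'Brien", "x' OR '1'='1", ""]:
        print(repr(text), "->", handle_search(db, text))
    # Straight to the DAL: the string is compared as data, no error, no rows.
    print(dal_find_by_name(db, "x' OR '1'='1"))
```

Calling `dal_find_by_name` directly with the quote-laden string returns an empty list and raises nothing, which is the behaviour the answer describes. The rejection reported by `handle_search` comes from the business rule on names, not from any SQL check.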
You must also ensure that your stored procs are safe from injection. A lot
of the search examples in this newsgroup are not safe.

-- bruce (sqlwork.com)

> "Göran Andersson" <gu***@guffa.com> wrote in message
> news:Ot**************@TK2MSFTNGP03.phx.gbl...
> If your code is safe from SQL injections, an attempt to do one shouldn't
> result in an error message, as it doesn't cause any error.
>
> The easiest way to prevent SQL injections is to use parameterized queries.
> That way the command object takes care of encoding the values correctly.
>
> Additional security can be achieved by only using stored procedures in the
> queries, and limit the database user to only have permission to run stored
> procedures. That way it's not even possible to execute an SQL query using
> the connection.

May 5 '06 #3
ss
Hi,
I asked for sample code to validate the SQL injection in the business
logic layer and data access layer.

I knew these things, like what to do against an SQL injection attack.

All that I wanted is validation logic in the BLL & DAL.

bye
ss

May 10 '06 #4
What do you mean by validating an SQL injection attack, then?

May 10 '06 #5
