

By jrpurdon
via blog.inetu.net
Published: Dec 18 2009 / 03:21

SQL injection occurs when an attacker enters malformed SQL statements into data input fields. The attacker can modify or retrieve data from your database and, in some cases, even access data stored in the filesystem outside of SQL Server.

Comments


mrjohnson replied ago:


Ug, no. Just... no. I don't know why people go messing with their web server to solve sql injection. Use prepared statements. All statements should be prepared whether they have parameters or not. While you're at it, wrap the entire DB api and leave out support for anything but prepared statements.

I don't know why it continues to be a debate in the .net world; this is pretty standard in Java. It's easy and makes SQL Injection near impossible.
