bhavna_816

Prevent queries from SQL Injection attack in SQL Server 2005

  #1  
May 29th, 2008
I am using SQL Server 2005. I have some SELECT and UPDATE statements in my query with a WHERE clause.

I want to prevent these queries from SQL injection attacks.
What are the steps and precautions to be taken for SQL Injection attacks?
Does anybody have suggestions?


Thanks in advance,
M_K_Higa

Re: Prevent queries from SQL Injection attack in SQL Server 2005

  #2  
Jun 5th, 2008
Use stored procedures and pass the data you need to update as parameters.
-Mike
TCBW

Re: Prevent queries from SQL Injection attack in SQL Server 2005

  #3  
Jun 5th, 2008
The common method is to use regular expressions against the text that will be used in the where clause. The initial poster is correct in that stored procedures and parameters will stop this, but if you are going to execute a string built in the stored procedure you are still susceptible to an injection attack.
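The distinction raised in post #3, as an added T-SQL example that is not part of the thread: a stored procedure that concatenates its parameters into a string and executes it is still injectable, while a static statement, or `sp_executesql` with bound parameters, keeps the input as data. The table, column and procedure names are hypothetical.

```sql
-- Constructed sample table (hypothetical names, not from the thread).
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(50)  NOT NULL,
    Email      NVARCHAR(100) NOT NULL
);
GO

-- Still injectable: the parameters are concatenated into a string and executed,
-- so their contents are parsed as SQL text instead of being bound as values.
CREATE PROCEDURE dbo.UpdateEmail_Concat
    @LastName NVARCHAR(50),
    @Email    NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(400);
    SET @sql = N'UPDATE dbo.Customers SET Email = ''' + @Email
             + N''' WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Static statement: the parameters can only ever be values in the WHERE clause.
CREATE PROCEDURE dbo.UpdateEmail_Static
    @LastName NVARCHAR(50),
    @Email    NVARCHAR(100)
AS
BEGIN
    UPDATE dbo.Customers SET Email = @Email WHERE LastName = @LastName;
END
GO

-- When the statement text must be built at run time (here an optional filter),
-- keep placeholders in the string and bind the values through sp_executesql.
CREATE PROCEDURE dbo.FindCustomers_Dynamic
    @LastName NVARCHAR(50) = NULL
AS
BEGIN
    DECLARE @sql NVARCHAR(400);
    SET @sql = N'SELECT CustomerId, LastName, Email FROM dbo.Customers WHERE 1 = 1';
    IF @LastName IS NOT NULL
        SET @sql = @sql + N' AND LastName = @p_LastName';
    EXEC sp_executesql @sql, N'@p_LastName NVARCHAR(50)', @p_LastName = @LastName;
END
GO

-- Constructed input: in the static call the quote in the name is plain data.
EXEC dbo.UpdateEmail_Static @LastName = N'O''Brien', @Email = N'ob@example.com';
```

Passing the same `O'Brien` value to `dbo.UpdateEmail_Concat` ends the string literal early inside the generated statement, which is the condition an injection relies on.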