Prevent queries from SQL Injection attack in SQL Server 2005

I am using SQL Server 2005. I have some select and update statements in my query with a WHERE clause, and I want to prevent these queries from SQL injection attacks. What are the steps and precautions to be taken for SQL injection attacks? Does anybody have suggestions? Thanks in advance,

Re: Prevent queries from SQL Injection attack in SQL Server 2005

Use stored procedures and pass the data you need to update as parameters.

Re: Prevent queries from SQL Injection attack in SQL Server 2005

The common method is to use regular expressions against the text that will be used in the WHERE clause. The initial poster is correct in that stored procedures and parameters will stop this, but if you are going to execute a string built in the stored procedure, you are still susceptible to an injection attack.
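
Added example, not part of the thread: the point made in the last reply, written as T-SQL that is valid on SQL Server 2005. The table `dbo.Customers` and the three procedure names are hypothetical, chosen only for illustration.

```sql
-- Hypothetical schema, constructed for this example.
-- GO is the batch separator used by sqlcmd / Management Studio.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL,
    City       NVARCHAR(50) NOT NULL
);
GO

-- Still susceptible: the parameter values are concatenated into the
-- statement text, so the server parses them as SQL, not as data.
CREATE PROCEDURE dbo.UpdateCity_Concatenated
    @LastName NVARCHAR(50),
    @City     NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'UPDATE dbo.Customers SET City = ''' + @City
             + N''' WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Preferred: static SQL. The parameters are bound as typed values and
-- never become part of the statement text.
CREATE PROCEDURE dbo.UpdateCity_Static
    @LastName NVARCHAR(50),
    @City     NVARCHAR(50)
AS
BEGIN
    UPDATE dbo.Customers SET City = @City WHERE LastName = @LastName;
END
GO

-- When the statement really has to be built at run time: keep the values
-- out of the string and pass them through sp_executesql as parameters.
CREATE PROCEDURE dbo.UpdateCity_Dynamic
    @LastName NVARCHAR(50),
    @City     NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'UPDATE dbo.Customers SET City = @City WHERE LastName = @LastName';
    EXEC sp_executesql @sql,
         N'@City NVARCHAR(50), @LastName NVARCHAR(50)',
         @City = @City, @LastName = @LastName;
END
GO
```

The application should call any of these through a parameterized command object as well, so the values are not concatenated into the `EXEC` text on the client side either.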
©2003 - 2010 DaniWeb® LLC