 |  |  |  |  |  |  |  |
Prevent queries from SQL Injection attack in SQL Server 2005
Please support our MS SQL advertiser: Intel Parallel Studio Home
 |
I am using SQL Server 2005, I have some select and update statements in my query with WHERE clause
I want to prevent these queries from SQL injection attacks.
What are the steps and precautions to be taken for SQL Injection attacks?
Does anybody have suggestions?
Thanks in advance,
I want to prevent these queries from SQL injection attacks.
What are the steps and precautions to be taken for SQL Injection attacks?
Does anybody have suggestions?
Thanks in advance,
The common method is to use regular expressions against the text that will be used in the where clause. The initial poster is correct in that stored procedures and parameters will stop this, but, if you are going to execute a sting built in the stored procedure you are still susceptible to an injection attack.
|
Other Threads in the MS SQL Forum
- Previous Thread: CASE function
- Next Thread: Query Help - Is this Possible?
| Thread Tools | Search this Thread |
Latest MS SQL Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for MS SQL
"last autogrowth business connectingtodatabaseinuse count cursor data database dateadd datepart day" dbsize deadlock delete_trigger getdate highperformancecomputing hpc hpcserver2008 ibm iis loop maximum microsoft ms mssql multiple multithreading news number permission query reporting result server services sets source sql sqlserver sqlserver2005 supercomputing tables uniqueid update view weekday
