Hello there, I recently faced problem with my website www.zomedia.in. I am using sql server 2005 and asp.net 4.0 with c#. My database tables are automatically filled with some unknown html css junk codes such as (</title><style>.apyk{position:absolute;clip:rect(438px,auto,auto,438px);}</style><div c) (check http://zomedia.in/ZomediaSongs/ZomediaMp3.aspx and you can see the gridview with junk data in it). This junk data automatically filled my tables without any human intervention. My website was working fine and I did not change any coding that might have cause the issue. So, I cusulted my hosting provider and they could not give answer. Could this be error with coding or server error?

Recommended Answers

All 4 Replies

I suggest you check the code that inserts data into your database. Apart from that, all junk appears to be identical, so a simple UPDATE and REPLACE query should be able to fix your issue for now.

Another thing to consider is that you aren't validating user input somewhere and this was so e attempt at a SQL injection? Where the attempt was to get HTML and some javascript Into your records so that when they are retrieved and displayed to your visitor, some unwanted script would be executed?

string sqlstr = "Select * from SongTable where SongArtist like '" + SearchId.Text + "%'";

How can i prevent this from sql Injection?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.