0

Hello there, I recently faced problem with my website www.zomedia.in. I am using sql server 2005 and asp.net 4.0 with c#. My database tables are automatically filled with some unknown html css junk codes such as (</title><style>.apyk{position:absolute;clip:rect(438px,auto,auto,438px);}</style><div c) (check http://zomedia.in/ZomediaSongs/ZomediaMp3.aspx and you can see the gridview with junk data in it). This junk data automatically filled my tables without any human intervention. My website was working fine and I did not change any coding that might have cause the issue. So, I cusulted my hosting provider and they could not give answer. Could this be error with coding or server error?

3
Contributors
4
Replies
16
Views
4 Years
Discussion Span
Last Post by JorgeM
0

I suggest you check the code that inserts data into your database. Apart from that, all junk appears to be identical, so a simple UPDATE and REPLACE query should be able to fix your issue for now.

0

Another thing to consider is that you aren't validating user input somewhere and this was so e attempt at a SQL injection? Where the attempt was to get HTML and some javascript Into your records so that when they are retrieved and displayed to your visitor, some unwanted script would be executed?

Edited by JorgeM

0
string sqlstr = "Select * from SongTable where SongArtist like '" + SearchId.Text + "%'";

How can i prevent this from sql Injection?

Edited by pritaeas: Added markdown

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.