Use stored procedures for database queries. Validate all user input. Check for valid query string values before using them.
Hello. The links below will help you. http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx http://www.codeproject.com/KB/web-security/SqlInjection.aspx http://www.4guysfromrolla.com/webtech/061902-1.shtml In my opinion, create a function that removes the characters that are responsible for SQL injection. Apply this function to all the input data and query strings.
Just filter out your input query for special characters and SQL commands. This is the simplest way to prevent it. Here is a good source about it: http://www.acunetix.com/websitesecurity/sql-injection.htm
Stored procedures are a good way. I think filtering out your input query for special characters and SQL commands is effective but has some problems and limitations. If you are using ASP.NET, when dealing with the DB make sure you use params (command.Parameters.Add).
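As an added example (not code from any of the posters above), here is what the "use params" advice in the last answer looks like in ADO.NET, alongside the string-concatenation pattern it replaces, plus the stored-procedure variant and a simple query-string check from the first answer. The connection string, the `Users` table, the `usp_FindUser` procedure and the column names are assumptions for illustration.

```csharp
// Added example: parameterized SqlCommand versus string concatenation.
// Connection string, table, column and procedure names are assumed.
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Assumed placeholder; replace with your application's connection string.
    private const string ConnectionString =
        "Server=.;Database=AppDb;Integrated Security=true;";

    // Vulnerable pattern: user input is spliced into the SQL text, so the
    // database parses whatever the caller typed as part of the query itself.
    public static DataTable FindUserUnsafe(string userName)
    {
        string sql = "SELECT Id, UserName FROM Users WHERE UserName = '" + userName + "'";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // Safe pattern: the SQL text is fixed and the value travels as a typed
    // parameter, so quotes or keywords in userName are only ever data.
    public static DataTable FindUserSafe(string userName)
    {
        const string sql = "SELECT Id, UserName FROM Users WHERE UserName = @UserName";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // Stored procedure variant: still pass the value as a parameter; a
    // procedure called with concatenated SQL gains nothing.
    public static DataTable FindUserViaProc(string userName)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand("dbo.usp_FindUser", conn)) // assumed name
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // Query-string check: an id from Request.QueryString["id"] should be
    // parsed into the expected type before it is used at all; anything
    // that fails to parse is rejected rather than passed to SQL.
    public static bool TryGetUserId(string rawQueryValue, out int userId)
    {
        return int.TryParse(rawQueryValue, out userId) && userId > 0;
    }
}
```

Typing the parameter (`SqlDbType.NVarChar, 50`) also caps the length the database sees, which is the cheap input-validation step the first answer asks for; `TryGetUserId` shows the same idea for numeric query-string values.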