How to Prevent SQL Injection
SQL injection is an attack in which the attacker supplies crafted input that the application pastes into a SQL query, so that the input is executed as SQL code rather than treated as data. A successful injection lets the attacker read or modify the database, and sometimes reach the underlying system.
- Use stored procedures (SPs), but do not build dynamic SQL inside them: a stored procedure that concatenates its arguments into a query string is just as injectable as application code.
- Re-validate data inside stored procedures rather than trusting that the caller already did.
- Use parameterized queries (prepared statements). Values are sent separately from the SQL text, so the database never parses them as SQL. This is the primary defence; everything else on this list is secondary.
- Use ORM tools (LINQ, NHibernate, LINQ to Entities), which parameterize queries for you. Their raw-SQL escape hatches must still be parameterized by hand.
- Use a regular expression to validate input and reject strings that do not match the expected format (allow-listing), rather than trying to strip bad characters out of them.
- Encrypt sensitive data so that a successful injection does not hand the attacker usable plaintext. This limits the damage; it does not stop the injection itself.
- Checking input for unwanted characters and words (--, ;, insert, delete, update) is a weak secondary measure: a payload such as ' OR '1'='1 contains none of them, while legitimate input (a surname like O'Brien, or the word "update" in a free-text field) will be rejected.
- Access the database using an account with the least privileges necessary, so that an injected query cannot read or modify tables the application does not need.
- Install the database service using an account with the least privileges necessary, so that an attacker who breaks out of the database does not land in an administrative account on the host.
- Ensure that error messages give nothing away about the internal architecture of the application or the database: log the full exception on the server and return a generic message to the user.