What is SQL Injection? How to Protect Against SQL Injection Attack?

06 Aug

SQL injection is an attack in which malicious SQL is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities, because SQL Server executes every syntactically valid query it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

Here are a few methods that can be used to protect against SQL injection attacks:

  • Use type-safe SQL parameters
  • Use parameterized input with stored procedures
  • Use the Parameters collection with dynamic SQL
  • Filter input parameters
  • Use the escape character in the LIKE clause
  • Wrap parameters with QUOTENAME() and REPLACE()
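
The following T-SQL is an added example, not code from the original post: a stored procedure that splices its inputs into a dynamic statement, followed by a hardened version that applies the methods listed above (typed parameters via sp_executesql, LIKE escaping, QUOTENAME() and an allow-list check). The table dbo.Product and its columns are assumed for illustration.

```sql
-- VULNERABLE: the parameter values become part of the statement text, so the
-- caller controls what SQL Server parses, not just the data it compares.
-- (Assumed table dbo.Product with columns ProductID, Name, Price.)
CREATE PROCEDURE dbo.SearchProduct_Unsafe
    @Name NVARCHAR(100),
    @SortColumn SYSNAME
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT ProductID, Name, Price FROM dbo.Product
          WHERE Name LIKE ''%' + @Name + N'%'' ORDER BY ' + @SortColumn;
    EXEC (@sql);   -- whatever @Name or @SortColumn contains is executed as SQL
END;
GO

-- HARDENED: value travels as a typed parameter, LIKE wildcards are escaped,
-- the identifier is checked against an allow-list and wrapped with QUOTENAME().
CREATE PROCEDURE dbo.SearchProduct_Safe
    @Name NVARCHAR(100),
    @SortColumn SYSNAME
AS
BEGIN
    -- Filter input: only a column that actually exists on the table may be used
    -- for ORDER BY (identifiers cannot be passed as parameters).
    IF NOT EXISTS (SELECT 1 FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Product') AND name = @SortColumn)
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END;

    -- Escape LIKE metacharacters so %, _ and [ in the input match literally.
    -- The escape character itself is escaped first; worst case doubles the length.
    DECLARE @pattern NVARCHAR(210) =
        N'%' + REPLACE(REPLACE(REPLACE(REPLACE(@Name,
                   N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';

    -- Only the QUOTENAME()-wrapped identifier is concatenated; the search value
    -- is bound through the parameters collection of sp_executesql.
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT ProductID, Name, Price FROM dbo.Product
          WHERE Name LIKE @p ESCAPE ''\'' ORDER BY ' + QUOTENAME(@SortColumn);
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(210)', @p = @pattern;
END;
GO
```

With the hardened procedure, a value such as a quote character or a `%` in @Name is compared as data rather than changing the query plan, and an @SortColumn that is not a real column is rejected before any dynamic SQL is built.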
 
Posted by on August 6, 2013 in MS SQL Server
