
SQL injection

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection is a subset of Code injection.


Example:

SELECT * FROM tblStock WHERE Ticker = 'Enter Stock Ticker here'

However, assume that the user enters the following:

GOOG'; drop table tblStock--

The quote closes the string literal, the semicolon starts a second statement, and the trailing -- comments out the rest of the original query; in this case tblStock can be dropped.

Best coding practice to prevent SQL injection is as follows:

1. Validate all user input

* Never build Transact-SQL statements directly from user input

* When working with XML documents, validate all data against its schema as soon as it is entered

2. Use parameterized queries
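The following is an added example, not code from the original post: it replays the post's tblStock scenario in Python with sqlite3 (standing in for the T-SQL stack the post implies) and contrasts the concatenated query with a parameterized one plus a ticker whitelist. The table layout, sample rows and the ticker format are assumptions.

```python
import re
import sqlite3

# Constructed sample data and the payload quoted in the post above.
SAMPLE_ROWS = [("GOOG", 100.0), ("MSFT", 50.0)]
PAYLOAD = "GOOG'; drop table tblStock--"
TICKER_RE = re.compile(r"[A-Z]{1,5}")  # assumed ticker format


def make_db():
    """Fresh in-memory database holding the post's tblStock table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblStock (Ticker TEXT, Price REAL)")
    conn.executemany("INSERT INTO tblStock VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def table_exists(conn):
    """True while tblStock is still present in the schema."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'tblStock'"
    ).fetchone()
    return row is not None


def lookup_vulnerable(conn, ticker):
    """Builds the statement by string concatenation, as the post warns against.

    executescript() mimics a driver that accepts multi-statement batches
    (T-SQL does); sqlite3's execute() would refuse the second statement.
    Returns whether tblStock survived the call.
    """
    sql = "SELECT * FROM tblStock WHERE Ticker = '" + ticker + "'"
    conn.executescript(sql)
    return table_exists(conn)


def lookup_parameterized(conn, ticker):
    """Parameterized query: the input is bound as a value, never parsed as SQL."""
    rows = conn.execute(
        "SELECT * FROM tblStock WHERE Ticker = ?", (ticker,)
    ).fetchall()
    return rows, table_exists(conn)


def is_valid_ticker(ticker):
    """Input validation (step 1): accept only one to five capital letters."""
    return TICKER_RE.fullmatch(ticker) is not None
```

With the payload, the concatenated version drops the table while the parameterized version simply returns no rows and leaves the schema intact.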
