SQL Injection,how we prevent over asp.net web application

What is SQL Injection, Prevent asp.net application:



ASP.NET with C# developers often write dynamic SQL to perform some database operations (insert, delete, update records etc). These dynamic SQL is some cases might be created by concatenating strings with user input. If the developer are not validating the user input and taking every input as is, then this kind of scenario poses a very serious problem of SQL injection in asp.net web application or website.

SQL Injection,how we prevent over asp.net web application

SQL injection and Data security:

Data Security is the most important attribute for any system.  And we are talking about web application or internet then it is more important. Today, almost all the websites are asking to store user’s information in servers to understand the customer and serve better. Then the responsibility of an organization to confirm that customer’s data is safe and accessed in a secured manner.

SQL injection:

SQL injection is a technique where malicious users can inject SQL commands in data base by application.

Sql Server Interview Que:

Some importent points Related to SQL injection:


  • SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
  • SQL injection attacks allow attackers to spoof identity, tamper with existing data, because repudiation issues such as voiding transactions or changing balances of data allow the complete disclosure of all stored data on the system, destroy the data from database and become administrators of the database server. 
  • SQL injection attack refers insertion or "injection" of a SQL query via the input data from the client to the asp.net application.
  • A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), and execute administration operations on the database,
  • SQL injection also use Recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
  • SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces. By the nature of programmatic interfaces available.
  • J2EE and ASP.NET applications are less likely to have easily exploited SQL injections. 



Checkboxlist related post on asp.net tutorial.

Comments