addd, 2015-11-11 16:53:29
C++ / C#

How to protect yourself from sql injection?

Database.SqlQuery("exec sp_ ...", param)
This code is not protected from SQL injection. What is the best way to filter the parameters in this case?
Using the SqlParameters class, can you protect yourself from SQL injection?


2 answers
Stanislav Makarov, 2015-11-11
@Nipheris

Using the SqlParameters class, can you protect yourself from SQL injection?

It is possible, and necessary. When you use parameters and prepared statements, the values for a given query are passed separately from the query's syntax. In that case the driver for the specific DBMS, not you, is responsible for getting this right.
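The separation of query text from values that the answer describes, shown as an added example (not code from the question or from either answer): an EF6 DbContext calling a stored procedure through Database.SqlQuery<T>, first by concatenating the value into the SQL string and then by passing it as a SqlParameter. The Customer entity, the ShopContext class and the procedure name dbo.usp_FindCustomerByName are assumed for illustration.

```csharp
using System.Data;
using System.Data.Entity;      // EF6: DbContext, Database.SqlQuery<T>
using System.Data.SqlClient;   // SqlParameter (SQL Server provider)
using System.Linq;

// Assumed entity and context; not taken from the question.
public class Customer
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class ShopContext : DbContext
{
    public DbSet<Customer> Customers { get; set; }
}

public static class CustomerQueries
{
    // VULNERABLE: the caller-supplied value is spliced into the SQL text, so the
    // server parses it as part of the statement. A value containing a quote
    // character changes the structure of the statement instead of being data.
    public static Customer[] FindByNameUnsafe(ShopContext db, string name)
    {
        string sql = "exec dbo.usp_FindCustomerByName '" + name + "'";
        return db.Database.SqlQuery<Customer>(sql).ToArray();
    }

    // SAFE: the SQL text is a constant; the value is sent to the server as a
    // typed parameter, so the DBMS never parses it as SQL, whatever it contains.
    // No escaping or "filtering" of the value is needed on the application side.
    public static Customer[] FindByNameSafe(ShopContext db, string name)
    {
        const string sql = "exec dbo.usp_FindCustomerByName @name";
        var nameParam = new SqlParameter("@name", SqlDbType.NVarChar, 100)
        {
            Value = name
        };
        return db.Database.SqlQuery<Customer>(sql, nameParam).ToArray();
    }
}
```

The same applies to Database.ExecuteSqlCommand for non-query statements: keep the SQL text fixed and pass every user-controlled value as a parameter.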

Xrizolin, 2018-07-12
@Xrizolin

The ORM should do the filtering.
Check that you are following best practice: https://www.owasp.org/index.php/SQL_Injection_Prev...
And then run it with a vulnerability scanner. For example https://metascan.ru
