Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
addd2015-11-11 16:53:29
C++ / C#
addd, 2015-11-11 16:53:29

How to protect yourself from sql injection?

Database.SqlQuery("exec sp_ ...", param)
this code is not protected from sql injection, how is it better to filter the parameters in this case?
Using the SqlParameters class, can you protect yourself from sql injections?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Stanislav Makarov, 2015-11-11
@Nipheris

Using the SqlParameters class, can you protect yourself from sql injections?

It is possible and necessary. When using parameters and prepared statements, values ​​for a particular request can be passed generally separately from the syntax of the request. In any case, the driver of a particular DBMS will be responsible for the correctness, and not you.

Report
X
Xrizolin, 2018-07-12
@Xrizolin

ORM should filter.
Check that you are following best practice: https://www.owasp.org/index.php/SQL_Injection_Prev...
And then run it with a vulnerability scanner. For example https://metascan.ru

Similar questions
K
Kirill Michenus2017-04-15 00:22:12
How to add an event to a marker in Yandex.Maps? 1Reply
N
Nick872017-06-02 11:35:44
Why doesn't bower and jquery load the library but gives an error? 5Reply
D
Danil Kumarov2017-06-23 20:11:32
How can you get other font-weight fonts from one regular? 2Reply
B
Be Clack2015-07-15 20:10:58
How to properly create multiple broadcasts in Nginx RTMP? 2Reply
A
alex stephen2017-07-13 12:48:05
Yii2 + yandex.connect - why does mail go to spam? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question