How to store "dangerous" data in the database and avoid SQL injection?
There is a task: to save the data received from the client in the database (MS SQL) in the form in which it came. But the question arose: how to avoid SQL injection and at the same time not change the data? As one of the options, I'm considering first converting the received data to base64 and then saving it. Maybe there are better options? The data comes through a request to the API; XSS attacks are not considered yet, since the data will not be displayed anywhere. Language: C#
SQL injections are only possible when client data becomes part of your SQL database query.
If your request is always the same, and you pass data through parameters, then SQL injections are excluded.

    insert into tablename (field1) values (@field1);
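The parameterized insert from the answer above, written out in C# as an added example (not part of the original answer). The connection string is a placeholder, `field1` is assumed to be an NVARCHAR(MAX) column, and `RawPayloadStore` and `SaveAsync` are hypothetical names; the table and column names are the ones in the answer's query.

```csharp
using System;
using System.Data;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient; // NuGet package; System.Data.SqlClient exposes the same types

public static class RawPayloadStore // hypothetical helper name
{
    // Constant query text: client data never becomes part of the SQL string.
    private const string InsertSql =
        "insert into tablename (field1) values (@field1);";

    public static async Task<int> SaveAsync(string connectionString, string payload)
    {
        using var conn = new SqlConnection(connectionString);
        await conn.OpenAsync();

        using var cmd = new SqlCommand(InsertSql, conn);

        // Explicit type and size (-1 means NVARCHAR(MAX)) so the driver sends
        // the value as typed data, separate from the statement text.
        // Assumption: field1 is NVARCHAR(MAX).
        cmd.Parameters.Add("@field1", SqlDbType.NVarChar, -1).Value =
            (object)payload ?? DBNull.Value;

        // The payload is stored byte-for-byte as received; no base64 or
        // escaping step is applied before the insert.
        return await cmd.ExecuteNonQueryAsync();
    }

    public static async Task Main()
    {
        // Placeholder connection string (assumption); replace with your own.
        const string cs =
            "Server=localhost;Database=TestDb;Integrated Security=true;TrustServerCertificate=true";

        // Constructed sample input containing quotes and SQL comment markers.
        string payload = "O'Brien'); -- kept verbatim";

        int rows = await SaveAsync(cs, payload);
        Console.WriteLine($"rows inserted: {rows}");
    }
}
```

Reading the row back returns the same string that was passed in, because the value travels to the server as a parameter and is never parsed as SQL.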