C++ / C#
Satisfied IT, 2017-01-11 14:25:58

How to store "dangerous" data in the database and avoid SQL injection?

There is a task - to save the data received from the client in the database (MS SQL) in the form in which they came. But the question arose, how to avoid SQL injection and at the same time not change the data? As one of the options, I'm considering first converting the received data to base64, and then saving it. Maybe there are better options? The data comes through a request to the api, XSS attacks are not considered yet, since the data will be displayed nowhere. Language - C#


2 answer(s)
Peter, 2017-01-11
specialist @borisdenis

SQL injections are only possible when client data becomes part of your SQL database query.
If your request is always the same, and you pass data through parameters, then SQL injections are excluded.
insert into tablename (field1) values (@field1);
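
The parameterized insert from the answer above, as an added C# example that is not part of the original thread. The connection string, the `id` identity column, the `nvarchar(max)` type of `field1`, the `RawStore` class and the use of the Microsoft.Data.SqlClient package are assumptions; the sample input is constructed.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient; // assumption: NuGet package; System.Data.SqlClient exposes the same types

static class RawStore // hypothetical helper, for illustration only
{
    // Assumption: placeholder connection string, replace with your own.
    const string ConnStr =
        "Server=localhost;Database=ExampleDb;Integrated Security=true;TrustServerCertificate=true";

    // The SQL text is constant. Client data is never concatenated into it.
    const string InsertSql =
        "insert into tablename (field1) values (@field1); select cast(scope_identity() as int);";
    const string SelectSql = "select field1 from tablename where id = @id;";

    public static int Save(SqlConnection conn, string clientData)
    {
        using var cmd = new SqlCommand(InsertSql, conn);
        // Explicit type and size (-1 means nvarchar(max)): the value is sent as
        // typed data next to the statement, so quotes and semicolons stay data.
        cmd.Parameters.Add("@field1", SqlDbType.NVarChar, -1).Value =
            (object)clientData ?? DBNull.Value; // a null Value would not be sent at all
        return (int)cmd.ExecuteScalar();
    }

    public static string Load(SqlConnection conn, int id)
    {
        using var cmd = new SqlCommand(SelectSql, conn);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd.ExecuteScalar() as string; // null if the row is missing or NULL
    }

    static void Main()
    {
        // Constructed sample input containing SQL metacharacters.
        string payload = "O'Brien'); select 1; --";

        using var conn = new SqlConnection(ConnStr);
        conn.Open();

        int id = Save(conn, payload);
        string stored = Load(conn, id);

        // The round trip returns the input byte for byte, with no base64 step.
        Console.WriteLine(stored == payload ? "stored unchanged" : "MISMATCH");
    }
}
```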

Nevada18, 2017-07-02
@NewGasK

You lay out the block, connect a slider to it, such as slick or bxslider, and redo the navigation buttons according to the layout.
