I have a basic C# Windows form that allows the user to update a specific field in our MySQL database from a Windows machine. What is the best way to check the string input values in the C# form in order to alter the string to include backslashes for commas etc., but also to prevent against any form of SQL injection?
Many thanks.
Generally the quickest approach I’ve seen is to use an ISAPI filter, like these:
http://www.iis.net/extensions/UrlScan
http://iis6sqlinjection.codeplex.com/
You should also be using Parameter Commands with Stored Procedures.
While you're doing this you may as well protect against XSS attacks too; here's a fantastic article:
http://corneliutusnea.wordpress.com/2009/12/11/xss-attack-your-database-to-detect-missing-output-encoding/
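As an added illustration of the "Parameter Commands" advice above (example code written for this thread, not from the answerer or from any project), here is the field update from the question done with a parameterised MySqlCommand next to the string-concatenation version it replaces. It assumes the MySQL Connector/NET driver (`MySql.Data.MySqlClient`), a table `customers` with columns `id` and `notes`, and a placeholder connection string; all of those names are assumptions.

```csharp
using System;
using MySql.Data.MySqlClient;   // MySQL Connector/NET (assumed driver)

public static class CustomerRepository
{
    // Placeholder; in the real app read this from app.config, not source.
    private const string ConnectionString =
        "Server=db.example.invalid;Database=app;Uid=app_user;Pwd=PLACEHOLDER;";

    // For contrast only: the form value is pasted into the SQL text, so a
    // quote or backslash in the input changes the statement itself. Hand
    // escaping of commas/quotes is fragile; this is the pattern to remove.
    public static int UpdateNotesUnsafe(int customerId, string notes)
    {
        using (var conn = new MySqlConnection(ConnectionString))
        using (var cmd = conn.CreateCommand())
        {
            conn.Open();
            cmd.CommandText = "UPDATE customers SET notes = '" + notes +
                              "' WHERE id = " + customerId;
            return cmd.ExecuteNonQuery();
        }
    }

    // Parameterised command: the driver sends values separately from the
    // statement, so commas, quotes and backslashes are just data. No manual
    // escaping is needed; only length/shape validation remains the app's job.
    public static int UpdateNotes(int customerId, string notes)
    {
        if (notes == null) throw new ArgumentNullException(nameof(notes));
        if (notes.Length > 1000) throw new ArgumentException("notes too long");

        using (var conn = new MySqlConnection(ConnectionString))
        using (var cmd = conn.CreateCommand())
        {
            conn.Open();
            cmd.CommandText = "UPDATE customers SET notes = @notes WHERE id = @id";
            // Typed parameters: the column type and size are fixed here, so an
            // over-long or non-integer value is rejected by the driver/server.
            cmd.Parameters.Add("@notes", MySqlDbType.VarChar, 1000).Value = notes;
            cmd.Parameters.Add("@id", MySqlDbType.Int32).Value = customerId;
            // For a stored procedure, set cmd.CommandType =
            // CommandType.StoredProcedure and name the procedure in CommandText;
            // the parameters are added exactly the same way.
            return cmd.ExecuteNonQuery();   // rows affected; 0 means no such id
        }
    }
}
```

The stored-procedure variant also lets the database account used by the form be granted EXECUTE on that procedure only, rather than UPDATE on the table.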