Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I want to know if there is anyway to avoid sql injection or XSS while reading a url.
For example:
https://abc?ID= some unique guid
How to avoid sql injection etc when entered instead of valid GUID.
There are a few things you can do.
Read up on preventing SQL Injection
Further reading
SQL Injection is bigger than just the portion you’re asking about. You want to be aware of all data going in and coming out of your database. Implement the suggestions above and you “should” be pretty covered.
When it comes to the subject of the original question (
?id=[guid]), you want to make sure you’re using theSystem.Guiddata type when submitting the query. If thestringis NOT a valid GUID, then you know that there’s a problem and you shouldn’t complete the request (IE: don’t even send the request to your repository later, and definitely don’t send it as far as the database).