Home/ Questions/Q 6623591
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T21:33:03+00:00

I’m saving the browser user-agent of my users for stats purposes. As you already

  • 0

I’m saving the browser user-agent of my users for stats purposes.

As you already know, user-agent can be modified. I would like to know if I should do anything to protect against SQL Injection.

I’m using Stored Procedures for inserting.

Many thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use parameters with stored procedures or use parameters with dynamic SQL.

    Here’s the example from MSDN:

      SqlDataAdapter dataAdapter = new SqlDataAdapter(
       "SELECT CustomerID INTO #Temp1 FROM Customers " +
       "WHERE CustomerID > @custIDParm; SELECT CompanyName FROM Customers " +
       "WHERE Country = @countryParm and CustomerID IN " +
       "(SELECT CustomerID FROM #Temp1);",
       connection);
  SqlParameter custIDParm = dataAdapter.SelectCommand.Parameters.Add(
                                          "@custIDParm", SqlDbType.NChar, 5);
  custIDParm.Value = customerID.Text;

  SqlParameter countryParm = dataAdapter.SelectCommand.Parameters.Add(
                                      "@countryParm", SqlDbType.NVarChar, 15);
  countryParm.Value = country.Text;

  connection.Open();
  DataSet dataSet = new DataSet();
  dataAdapter.Fill(dataSet);
    • 0