How can I avoid SQL injection attacks in my ASP.NET application?

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?


Even though your question is very generic, a few rules always apply:

  • Use parameterized queries (SqlCommand with SqlParameter) and put user input into parameters.
  • Don't build SQL strings out of unchecked user input.
  • Don't assume you can build a sanitizing routine that can check user input for every kind of malformedness. Edge cases are easily forgotten. Checking numeric input may be simple enough to get you on the safe side, but for string input just use parameters.
  • Check for second-level vulnerabilites - don't build SQL query strings out of SQL table values if these values consist of user input.
  • Use stored procedures to encapsulate database operations.

Need Your Help

sqlcipher how to import a sqlite3 database

database sqlite encryption sqlite3 sqlcipher

I have dumped a sqlite3 database into a .sql file. Afterwards I have import the files like this:

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.