Avoiding SQL injection without parameters

by

I think the correct answer is:

Don’t try to do security yourself. Use whatever trusted, industry standard library there is available for what you’re trying to do, rather than trying to do it yourself. Whatever assumptions you make about security, might be incorrect. As secure as your own approach may look (and it looks shaky at best), there’s a risk you’re overlooking something and do you really want to take that chance when it comes to security?

Use parameters.

More Related Contents:

  1. How do I update a value in C# and SQL Server? [closed]
  2. How to make an algorithm to get all column names from across tables that relations with their primary key in SQL Server and C#?
  3. Procedure or function xxxxx has too many arguments specified [duplicate]
  4. Call a stored procedure with parameter in c#
  5. Insert 2 million rows into SQL Server quickly
  6. SQL Network Interfaces, error: 50 – Local Database Runtime error occurred. Cannot create an automatic instance
  7. Cannot open database “test” requested by the login. The login failed. Login failed for user ‘xyz\ASPNET’
  8. Getting data from stored procedure with Entity Framework
  9. Why should I use int instead of a byte or short in C#
  10. Queuing in OneWay WCF Messages using Windows Service and SQL Server
  11. Connection timeout for SQL server
  12. SQL Injection attack prevention: where do I start
  13. What SqlDbType maps to varBinary(max)?
  14. How can I convert ticks to a date format?
  15. Retrieve image from database in asp.net
  16. What is passing parameters to SQL and why do I need it?
  17. Fastest method for SQL Server inserts, updates, selects
  18. How to retrieve binary image from database using C# in ASP.NET
  19. Database Error: There is no row at position 0
  20. How to access session variables from any class in ASP.NET?
  21. Convert webpage to image from ASP.NET
  22. SQL injection on INSERT
  23. How to insert a data table into SQL Server database table?
  24. Display custom error page when file upload exceeds allowed size in ASP.NET MVC
  25. ASP.NET GridView: How to edit and delete data records
  26. Calling async methods from non-async code
  27. Explicit construction of entity type [MyClass] in query is not allowed
  28. Web Service without adding a reference?
  29. How to maintain the value of label after postback in Asp.net? [closed]
  30. How do I call a method in a Master Page from a content’s code-behind page?

Leave a Comment