Here I will explain how to prevent SQL injection attacks in an ASP.NET website, with an example in C# and VB.NET. SQL injection means injecting SQL commands into your SQL statements through web page input in order to read, delete, or change the data in your tables.
To prevent SQL injection attacks, use parameterized queries to pass values from the code-behind to the database, as shown below. The SQL text stays fixed and the user's input is bound as parameter values rather than being concatenated into the statement.
So always use a parameterized query as given below:
using System.Data.SqlClient;
// Placeholders keep the SQL text fixed; the input is bound as values and never parsed as SQL. [user] is bracketed because "user" is a reserved word in T-SQL.
SqlCommand cmd = new SqlCommand("select username, password from [user] where username = @usrname and password = @pwd", con);
cmd.Parameters.AddWithValue("@usrname", txtUserName.Text.Trim());
cmd.Parameters.AddWithValue("@pwd", txtPassword.Text.Trim()); // txtPassword is assumed to be the password TextBox; the original read txtUserName twice
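To make the contrast concrete, here is an added example (not code from the original post) that puts the concatenated, injectable form of the login query next to the parameterized form the post recommends. The class name LoginRepository, the connection-string argument, the [user] table, and the column sizes are assumptions for the example; the plaintext password column is kept only because the post's own query uses one.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginRepository
{
    // Vulnerable (the pattern to avoid): the user's text becomes part of the SQL
    // text itself. A single quote inside userName or password ends the string
    // literal, and whatever follows is parsed by SQL Server as part of the query.
    public static bool LoginVulnerable(string connectionString, string userName, string password)
    {
        string sql = "select username, password from [user] where username = '" + userName +
                     "' and password = '" + password + "'";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read();   // true if any row matched
            }
        }
    }

    // Safe: the SQL text is a constant. The values travel separately as typed
    // parameters, so a quote, a semicolon or a comment marker in the input is
    // compared as data and can never change the shape of the statement.
    public static bool LoginParameterized(string connectionString, string userName, string password)
    {
        const string sql =
            "select username, password from [user] where username = @usrname and password = @pwd";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit types and lengths (assumed here to match the columns) avoid the
            // implicit-type guessing of AddWithValue and keep the query plan stable.
            cmd.Parameters.Add("@usrname", SqlDbType.NVarChar, 50).Value = userName.Trim();
            cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 128).Value = password;

            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read();
            }
        }
    }
}
```

Both methods issue the same logical query, but only LoginParameterized guarantees that the statement SQL Server executes is the one the developer wrote. In a real application the @pwd comparison would be against a stored password hash rather than the plaintext column the post's query uses; parameterization is what stops the injection, and hashing is a separate concern.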