SQL injection

Posted on 2006-04-11
Last Modified: 2010-04-01
I am going to use MSSQL 2000 to develop the web application.
But I am told to use inline SQL (i.e. not stored procedures) to develop the web application.
I am concerned about SQL injection.
Will the preparedStatement help to eliminate the problem of SQL injection?
If not, are there any written classes that can help us to format the user input?
Question by:william007
    LVL 48

    Accepted Solution

    >>will the preparedStatement help to eliminate the problem of SQL injection?
    YES (as far as I know)

    For me, I will do another round of validation against the resultset returned to ensure the username and password are exactly matched, before proceeding to the next stage.
    LVL 48

    Expert Comment

    by:Ryan Chong
    Try reading: 5.2 Use of Prepared statements from this article:
    LVL 35

    Expert Comment

    >> YES (as far as I know)

    ryancys is right...  PreparedStatements == No Injection :-)

    No points for me please, ryancys got it first time :-)
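
The two ways of writing the inline query discussed in this thread, as an added example that is not part of the original posts: string concatenation next to a JDBC PreparedStatement, with the accepted answer's second check on the returned row. The `users` table and its columns, the class and method names, and the JDBC URL passed on the command line are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example. Assumed schema: users(username VARCHAR, password VARCHAR).
public class LoginCheck {

    // "Before": inline SQL built by concatenation. The input becomes part of
    // the SQL text, so a quote character in it changes the statement itself.
    static boolean loginConcatenated(Connection con, String user, String pass)
            throws SQLException {
        String sql = "SELECT username FROM users WHERE username = '" + user
                   + "' AND password = '" + pass + "'";
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // "After": still inline SQL, but with ? placeholders. The statement text
    // is fixed; the values are bound as data, not spliced into the SQL.
    static boolean loginPrepared(Connection con, String user, String pass)
            throws SQLException {
        String sql = "SELECT username, password FROM users "
                   + "WHERE username = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                // Second round of validation, as in the accepted answer:
                // the returned row must match the input exactly.
                return rs.next()
                    && user.equals(rs.getString("username"))
                    && pass.equals(rs.getString("password"));
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a test database (assumption);
        // args[1], args[2]: username and password to check.
        try (Connection con = DriverManager.getConnection(args[0])) {
            System.out.println("prepared: " + loginPrepared(con, args[1], args[2]));
        }
    }
}
```

On a database with a case-insensitive collation, the WHERE clause alone would match a differently cased username or password; the `equals()` comparison on the returned row rejects it.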