william007
asked on
SQL injection
I will be going to use MSSQL 2000 to develop the web application.
But I am told to use inline SQL (i.e. not stored procedures) to develop the web application.
I am concerned about SQL injection.
Will the PreparedStatement help to eliminate the problem of SQL injection?
If not, are there any written classes that can help us to format the user input?
>> YES (as far as I know)
ryancys is right... PreparedStatements == No Injection :-)
No points for me please, ryancys got it first time :-)
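To show why bound parameters stop injection even with inline SQL, and where they do not help, here is an added example that is not part of the thread. It uses Python's sqlite3 (an in-memory stand-in for the MSSQL 2000 table; the `users` table and its rows are constructed) because it runs offline, but the `?` placeholders behave exactly like `PreparedStatement.setString` in JDBC.

```python
import sqlite3

def make_db():
    """Constructed sample database standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_concat(conn, name, pw):
    """Vulnerable: user input is pasted into the SQL text, so a quote in the
    input changes the query's structure (inline SQL done the wrong way)."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]

def login_param(conn, name, pw):
    """Safe: the same inline SQL, but the values travel as bound parameters.
    The database never parses them as SQL, whatever characters they contain."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]

# Caveat: only values can be bound. Column or table names and ORDER BY
# targets cannot, so they must be checked against a fixed allow-list.
ALLOWED_SORT_COLUMNS = {"name", "pw"}

def list_users(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column")
    sql = f"SELECT name FROM users ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic textbook test string
    print(login_concat(db, "alice", probe))   # returns every user: injected
    print(login_param(db, "alice", probe))    # returns []: treated as a literal
```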
ASKER
Thanks:-)
http://www.securitydocs.com/library/3587