• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

How to protect against SQL injections

We have just suffered a SQL injection into our sql 2008 database running our .net websites.

The intruders planted a script in all our content item that would have displayed a page of links offset so as not to be visible to users, but picked up by search engines.

I am shocked by how they have managed to retrieve the names of tables and fields.

How can we determine where they got in, and how can we protect ourselves from such threats in future?
0
nhmedia
Asked:
nhmedia
4 Solutions
 
gaurav05Commented:
Hi,

check this one,

http://msdn.microsoft.com/en-us/library/ff648339.aspx


let us know for  more information.
0
 
Ramesh Babu VavillaCommented:
this url helps you with sample and good explanation
http://www.unixwiz.net/techtips/sql-injection.html
0
 
millsap_singerCommented:
Use parameterized queries for your insert/update statements.  
0
 
nhmediaAuthor Commented:
In the end we came up with our own solution based on an http handler to prevent undesirable requests being processed.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now