How to protect against SQL injections

We have just suffered a SQL injection into our SQL 2008 database running our .NET websites.

The intruders planted a script in all our content items that would have displayed a page of links offset so as not to be visible to users, but picked up by search engines.

I am shocked by how they have managed to retrieve the names of tables and fields.

How can we determine where they got in, and how can we protect ourselves from such threats in future?
nhmedia Asked:
 
gaurav05 Commented:
Hi,

Check this one:

http://msdn.microsoft.com/en-us/library/ff648339.aspx

Let us know for more information.
0
 
Ramesh Babu Vavilla Commented:
This URL helps you with a sample and a good explanation:
http://www.unixwiz.net/techtips/sql-injection.html
0
 
millsap_singer Commented:
Use parameterized queries for your insert/update statements.  
0
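
The parameterized-query advice above, as an added example (not code from any poster in this thread): an update of a content item on SQL Server from .NET, where request values travel as typed parameters and never become part of the SQL text. The class name, the `dbo.ContentItems` table and its columns are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ContentItemStore
{
    // Hypothetical schema: dbo.ContentItems(Id int, Title nvarchar(200), Body nvarchar(max)).
    private const string UpdateSql =
        "UPDATE dbo.ContentItems SET Title = @title, Body = @body WHERE Id = @id";

    // rawId is the untrusted string taken from the request (query string or form field).
    // Returns the number of rows changed, or -1 if the id is not a positive integer.
    public static int UpdateItem(string connectionString, string rawId,
                                 string title, string body)
    {
        // Reject a malformed id up front instead of passing it on to the database.
        int id;
        if (!int.TryParse(rawId, out id) || id <= 0)
            return -1;

        // The form this replaces builds the statement by concatenation:
        //   "UPDATE ... SET Body = '" + body + "' WHERE Id = " + rawId
        // There the server parses request text as SQL. Below, the statement text
        // is a constant and the values are bound separately as data.
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(UpdateSql, conn))
        {
            // Explicit types and sizes keep parameter handling predictable.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            cmd.Parameters.Add("@title", SqlDbType.NVarChar, 200).Value =
                (object)title ?? DBNull.Value;   // a null .NET string must become SQL NULL
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value =
                (object)body ?? DBNull.Value;    // size -1 means nvarchar(max)

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

The same pattern applies to SELECT and DELETE statements, and to stored procedures that build dynamic SQL internally, which need parameters there as well.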
 
nhmedia (Author) Commented:
In the end we came up with our own solution based on an HTTP handler to prevent undesirable requests being processed.
0
Question has a verified solution.
