SQL Injection

Posted on 2013-10-17
Medium Priority
Last Modified: 2013-10-24
How best, and what approach do we need to take, to prevent SQL injection when dynamic SQL complex WHERE clauses are constructed from the front end and passed to SQL for execution?
Question by:JRR75
LVL 22

Expert Comment

by:Om Prakash
ID: 39581791
LVL 49

Accepted Solution

PortletPaul earned 1500 total points
ID: 39581818
The most cited reference I know for this topic is:

The Curse and Blessings of Dynamic SQL
Erland Sommarskog (2011)

This EE article starts with a simple example of SQL injection (via PHP) plus some other web site security topics:
5 Steps to Securing Your Web Application
gr8gonzo (2009)
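
As an added example (not part of the answer above or of the cited articles), one way to handle the dynamic WHERE clause the question describes: the front end sends structured filters instead of SQL text, column and operator names are checked against allow-lists, and every value is bound as a parameter. The `customers` table, its columns, the filter tuple format and the function names are assumptions made for the illustration, and SQLite is used only so the code runs offline.

```python
import sqlite3

# Hypothetical allow-lists: the only identifiers and operators that may reach the SQL text.
ALLOWED_COLUMNS = {"name", "city", "age"}
ALLOWED_OPS = {"eq": "=", "ne": "<>", "lt": "<", "gt": ">", "like": "LIKE"}

def build_where(filters, joiner="AND"):
    """Turn [(column, op, value), ...] into (sql_fragment, params)."""
    if joiner not in ("AND", "OR"):
        raise ValueError("joiner must be AND or OR")
    clauses, params = [], []
    for column, op, value in filters:
        # Identifiers cannot be bound as parameters, so they are validated instead.
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {column!r}")
        if op == "in":
            values = list(value)
            if not values:
                raise ValueError("empty IN list")
            # One placeholder per element; the elements themselves stay out of the SQL text.
            clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
            params.extend(values)
        elif op in ALLOWED_OPS:
            clauses.append(f"{column} {ALLOWED_OPS[op]} ?")
            params.append(value)
        else:
            raise ValueError(f"operator not allowed: {op!r}")
    # No filters means no restriction; "1=1" keeps the statement valid.
    return (f" {joiner} ".join(clauses) or "1=1"), params

def search(conn, filters, joiner="AND"):
    where, params = build_where(filters, joiner)
    sql = f"SELECT name FROM customers WHERE {where} ORDER BY name"
    return [row[0] for row in conn.execute(sql, params)]

def demo_db():
    # Constructed sample data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, city TEXT, age INTEGER)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "Oslo", 31), ("bob", "Lima", 45), ("carol", "Oslo", 52)],
    )
    return conn
```

The SQL text only ever contains allow-listed names and `?` placeholders, so a value such as `x' OR '1'='1` is compared as a literal string and matches nothing.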
