EasyToHelp
asked on
Can someone inject sql code in a asp.net SQL Datasource?
Hi
I am currently refactoring our code on one of our applications and came across some asp.net<Sqldatasource>
this is the code
<asp:sqldatasource id="sds_Categories" runat="server"
connectionstring="<%$ ConnectionStrings:Database %>"
selectcommand="SELECT [SId], [Des] FROM [Categories] ORDER BY [seq]">
</asp:sqldatasource>
Could someone hack my database with this code?
I am currently refactoring our code on one of our applications and came across some asp.net<Sqldatasource>
this is the code
<asp:sqldatasource id="sds_Categories" runat="server"
connectionstring="<%$ ConnectionStrings:Database
selectcommand="SELECT [SId], [Des] FROM [Categories] ORDER BY [seq]">
</asp:sqldatasource>
Could someone hack my database with this code?
one can never trust user entered data you must always validate it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try to validate all the inputs from the user and filter them
also try to replace all special characters like ' ! -
also try to replace all special characters like ' ! -
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
example:
Open in new window
when you're establishing the connection, you can add:Open in new window
get the idea?