Link to home
Start Free TrialLog in
Avatar of lapucca
lapucca

asked on

What's the best practice to prevent malicious hacker from entering inappropriate input?

Hi, I'm using VS2013, asp.net web form and C#.

I have a textbox in this form that users can enter some text which I would use as a key to submit to an API call to retrieve some data back from a database.  What's the best practice I should have in my Asp.net or C# code prevent potential malicious input like sql or scripting as input?

Thank you.
ASKER CERTIFIED SOLUTION
Avatar of Mark Bullock
Mark Bullock
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of lapucca
lapucca

ASKER

By default, in my asp.net web form project, the validateRequest is set to false.  Should I change this to True?

To prevent sql injection, use bind variables with prepared statements.  -  How to do this?  Any example url?

Thank you for input so far.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of lapucca

ASKER

Thank you.