I have a form on my website which is to be filled in by the user, and that form is stored in a database (SQL Server 2005).
But someone told me that anyone can run a script in the textboxes in that form and damage the database,
so how do I avoid such a lack of security?
It is common practice to use parameterized SQL statements or stored procs to ensure you are protected from SQL injection attacks.
If you concatenate user input directly into a SQL statement, then you are at risk.
Mike Banavige
~~~~~~~~~~~~
Need a site code sample in a different language? Try converting it with: http://converter.telerik.com/
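The difference between concatenating form input and passing it as parameters, as an added example that is not part of the answer above. It uses Python's built-in `sqlite3` with an in-memory database as a stand-in for SQL Server 2005 so that it runs offline; the `feedback` table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

# Hypothetical table standing in for the one behind the web form.
SCHEMA = "CREATE TABLE feedback (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def save_concatenated(conn, name, comment):
    """At risk: the textbox values are pasted into the SQL text itself."""
    sql = ("INSERT INTO feedback (name, comment) VALUES ('"
           + name + "', '" + comment + "')")
    conn.execute(sql)
    return conn.execute("SELECT COUNT(*) FROM feedback").fetchone()[0]

def save_parameterized(conn, name, comment):
    """Protected: the SQL text is fixed; values travel separately as parameters."""
    conn.execute("INSERT INTO feedback (name, comment) VALUES (?, ?)",
                 (name, comment))
    return conn.execute("SELECT COUNT(*) FROM feedback").fetchone()[0]

def compare(name, comment):
    """Submit the same form values both ways; report rows stored (or the error)."""
    results = {}
    for label, save in (("concatenated", save_concatenated),
                        ("parameterized", save_parameterized)):
        conn = new_db()
        try:
            results[label] = save(conn, name, comment)
        except sqlite3.Error as exc:
            results[label] = "error: " + type(exc).__name__
        finally:
            conn.close()
    return results

# Constructed sample inputs for the "name" textbox.
ORDINARY = "O'Brien"          # a legitimate value that contains a quote
QUOTED = "a', 'b'), ('c"      # quotes that change the statement's structure

if __name__ == "__main__":
    for name in (ORDINARY, QUOTED):
        print(repr(name), compare(name, "hello"))
```

With concatenation, a quote in the input either breaks the statement or changes what it does (one form submission stores two rows); with parameters, both inputs are stored as a single row of plain text.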