form security against security

i have a form in my website which is to be filled by user and that form stores in database(sql server 2005).

but someone told me that anyone can run script in textboxes in that form and can damage database,

so how to avoid such security lack.

Vote Up!

0

Vote Down!

rriya

11/6/2008 12:19:10 AM

📁 asp.net.sql-datasource
📃 29906 articles.
⭐ 0 followers.

💬 1 Replies
👁️‍🗨️ 1908 Views

it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks.
if you concatenate user input directly into a sql statement, then you are at risk.
Mike Banavige
~~~~~~~~~~~~
Need a site code sample in a different language?  Try converting it with:  http://converter.telerik.com/

Vote Up!

0

Vote Down!

mbanavige

11/6/2008 12:43:51 AM

Similar Posts:

when is secure, secure?

security too secure

How secure is secure?

Any security issues using Impersonation along with Forms Authentication with Integrated Security (SQL SERVER 2000)?

Replacing SQL Integrated security by Custom security

(IN)SECURE Magazine from Net-Security (PDF download)

Password secure...is it secure?

Security

Forms Security for Role base security. Nirdesh Puri

Secure connections: how secure are they?

How secure is secure enough?

How secure is AuthenticationTypes.Secure?

File security from web-apps with Forms security enabled?