form security against security

I have a form on my website which is to be filled in by the user, and that form is stored in a database (SQL Server 2005).

But someone told me that anyone can run a script in the textboxes in that form and can damage the database,

so how do I avoid such a lack of security?

rriya
11/6/2008 12:19:10 AM
📁 asp.net.sql-datasource

It is common practice to use parameterized SQL statements or stored procs to ensure you are protected from SQL injection attacks.

If you concatenate user input directly into a SQL statement, then you are at risk.


Mike Banavige
~~~~~~~~~~~~
Need a site code sample in a different language? Try converting it with: http://converter.telerik.com/
mbanavige
11/6/2008 12:43:51 AM
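
The difference the reply describes, shown side by side in ADO.NET as an added example (not code from the original thread). The `Feedback` table, its `Name` and `Comment` columns, the column sizes and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class FeedbackForm   // hypothetical class for a two-field form
{
    // AT RISK: the textbox values become part of the SQL text itself, so a
    // quote in the input ends the string literal and the rest is parsed as SQL.
    public static SqlCommand BuildConcatenated(string name, string comment)
    {
        return new SqlCommand(
            "INSERT INTO Feedback (Name, Comment) VALUES ('" + name + "', '" + comment + "')");
    }

    // PROTECTED: the SQL text is a constant; the values travel separately as
    // typed parameters and are never parsed as part of the statement.
    public static SqlCommand BuildParameterized(string name, string comment)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Feedback (Name, Comment) VALUES (@Name, @Comment)");
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@Comment", SqlDbType.NVarChar, 1000).Value = comment;
        return cmd;
    }

    // How the page's code-behind would store the form (needs a real connection string).
    public static void Save(string connectionString, string name, string comment)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(name, comment))
        {
            cmd.Connection = conn;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input: what a user might type into the textboxes.
        string name = "O'Brien";
        string comment = "ok'); DELETE FROM Feedback; --";

        // Runs without a database: compare the statement text each builder produces.
        Console.WriteLine(BuildConcatenated(name, comment).CommandText);
        SqlCommand safe = BuildParameterized(name, comment);
        Console.WriteLine(safe.CommandText);
        foreach (SqlParameter p in safe.Parameters)
            Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```

In the concatenated command the typed text changes the structure of the statement; in the parameterized command the statement text stays the same for any input and the typed text appears only as parameter values.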