Larry Steinle

February 20, 2011

Use Regular Expressions to Detect SQL Code Injection

Filed under: RegEx,Security,SQL Server,VS.Net,Web — Larry Steinle @ 12:26 am
Tags: , ,
To gain unauthorized access and possibly control of another companies information hackers employ a technique called SQL Code Injection. This simple technique involves entering a sql statement inside a text box and submitting the request. When the server processes the page it can be tricked into executing the injected code. The best strategy to block SQL Code Injection is to use a stored procedure. For the times when you simply must use inline sql statements we will learn how to detect and block SQL Code Injection with the help of a few, simple, regular expressions.

(more…)

« Previous Page

Blog at WordPress.com.