To gain unauthorized access and possibly control of another companies information hackers employ a technique called SQL Code Injection. This simple technique involves entering a sql statement inside a text box and submitting the request. When the server processes the page it can be tricked into executing the injected code. The best strategy to block SQL Code Injection is to use a stored procedure. For the times when you simply must use inline sql statements we will learn how to detect and block SQL Code Injection with the help of a few, simple, regular expressions.
Larry Steinle
Pages
Categories
- Active Directory (12)
- C (6)
- Guides (8)
- Microsoft Office (1)
- Oracle (5)
- RegEx (8)
- Security (7)
- SQL Server (7)
- Uncategorized (1)
- VS.Net (26)
- Web (23)
Archives
- January 2015 (1)
- October 2014 (1)
- September 2014 (1)
- July 2014 (1)
- June 2014 (2)
- April 2014 (1)
- March 2014 (1)
- January 2014 (2)
- December 2013 (1)
- November 2013 (2)
- October 2013 (5)
- September 2013 (2)
- August 2013 (4)
- December 2011 (1)
- November 2011 (1)
- May 2011 (4)
- April 2011 (2)
- March 2011 (11)
- February 2011 (6)
- January 2011 (4)
Copyright (©) 2015 Larry Steinle
Any source code and files are provided to the reader as free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3.
All code is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details at http://www.gnu.org/licenses/.
Disclaimer
The posts and projects on this site are meant for instructional purposes only. Never use any code from this site in a production environment without proper testing and validation.
Larry Steinle 