Community Credit Forums

it has been observed that if ur code implementation is not up to the mark..then it may lead ur website to sql injection attack..as through sql injection intruder can attack ur site or database just by manipulating the url or textbox values...so be careful of sql injection attack...

Yes, that is a topic that has been discussed in many areas over the last few years.  In fact, I was chatting with Simone Chiaretta about it regarding his blog post: http://codeclimber.net.nz/archive/2007/07/17/How-not-to-prevent-SQL-Injection.aspx Which offers a slightly different example.  From my experience, it seems that if you use stored procedures instead of inline sql, you can stop sql injection attacks by about 90%.  There are many other methods and I am sure that you can probably google a ton.  In fact, I just googled the term and came back with 349,000 results.

Check at

http://dotnetextract.googlepages.com/howtoprotectsqlinjectioninasp.net

 

Thanks Ravi,

     Nice Article!

SPI Dynamics does a really good hands-on demo of SQL Injection attacks when they give a presentation. I had always known it was bad, but never realized just how bad until I saw it first hand!