SQL Injection is one of the web attack mechanisms used by hackers to access the database. This article describes SQL Injection and how to prevent it. Summary of the article:
- What is SQL Injection?
- How to Prevent SQL Injection?
What is SQL Injection?
SQL Injection is a one kind of attack where the attacker generates malicious code and send into SQL query to access database or system.
How to Prevent SQL Injection?
For any database application it is necessar to overcome SQL Injection . We can prevent the SQL Injection in the following ways or to prevent SQL Injection we need to do the following things:
- Use stored procedure (SP)
- Use prover validation to validate data
- Use parameterized query
- Use ORM tools (LINQ, NHybernet, LINQ to Entities)
- Use regular expression to discard input string
- Encrypt sensitive data
- Check unwanted character, words (–, ;, insert, delete, update) in query.
- Access the database using an account with the least privileges necessary.
- Install the database using an account with the least privileges necessary.
- Ensure that error messages give nothing away about the internal architecture of the application or the database
That’s all about SQL Injection