This article gives a basic overview of SQL Injection and how to protect against it. Summary of the article:
- SQL Injection
- How to Prevent SQL Injection?
SQL Injection is a kind of attack in which the attacker crafts malicious input that is sent into a SQL query in order to access the database or the system.
How to Prevent SQL Injection?
Any database application needs to defend against SQL Injection. We can prevent it in the following ways:
- Use stored procedure (SP)
- Re-validate data in stored procedures
- Use parameterized queries
- Use ORM tools (LINQ, NHibernate, LINQ to Entities)
- Use regular expressions to discard invalid input strings
- Encrypt sensitive data
- Check for unwanted characters and words (--, ;, insert, delete, update) in the query
- Access the database using an account with the least privileges necessary
- Install the database using an account with the least privileges necessary
- Ensure that error messages give nothing away about the internal architecture of the application or the database
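The following is an added example (not code from the original article) showing the "parameterized query" point above: a login lookup built by string concatenation beside the same lookup using placeholders, run against a small constructed in-memory SQLite table. The placeholder version needs no character filtering, because the driver sends the input as data rather than as part of the query text.

```python
import sqlite3

# Constructed sample data: a tiny in-memory users table for the demo only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Builds the SQL text by concatenation: the user's input becomes part of
    # the statement, so a quote in the input changes the WHERE clause itself.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, username, password):
    # Placeholders: the query text is fixed and the values travel separately,
    # so the input is only ever compared as a string, never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, password))]

def demo():
    conn = make_db()
    # Constructed input containing a quote; in the concatenated query it
    # turns the condition into "... OR '1'='1'" and matches every row.
    tainted = "x' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(conn, "nobody", tainted),
        "parameterized": login_parameterized(conn, "nobody", tainted),
        "legit": login_parameterized(conn, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated version returns both users for a non-existent account, while the parameterized version returns nothing for the same input and still works for a valid login.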
That’s all about SQL Injection.