Popular Posts

  • Image gradients and edge detection
    import cv2 import numpy as np from matplotlib import pyplot as plt #img = cv2.imread("messi5.jpg", cv2.IMREAD_GRAYSCALE)...
  • Show Data In Table View Using Plist
    I show how to use arrays to show data. Today i have use plist to show the data.plist means property l...
  • Rotate Txt using css
    <style> #rotate { width:20px; height:auto; float:left; font-size:11px; font-family:Verdana; -webkit-transform: rotate(-90deg);...

Oct 22, 2013

Prevent websites from injection in asp.net 






string queryStr = "select email, fullname, from t_employee where username = user_name ='" + username + "' and user_date between '" + startdate + "' and '" + enddate + "'";
 
To prevent from query injection we can change it by using stored procedures or 
parameterised TSQL
 

 string queryStr = "select email, fullname from t_employee where user_name = @USER and user_date between @startdate and @enddate'";

cmd.Parameters.Add("@USER", SqlDbType.NVarChar, 100);  -- Assuming type and size
cmd.Parameters["@USER"].Value = username
cmd.Parameters.Add("@startdate ", SqlDbType.DateTime);
cmd.Parameters["@startdate "].Value = startdate ;
cmd.Parameters.Add("@enddate", SqlDbType.DateTime);
cmd.Parameters["@enddate"].Value = enddate;
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)