You can use encoding on parameters to avoid injection. Normally it's single or double encoding.

-----Original Message-----
From: Cerebrus <[email protected]>
Sender: [email protected]
Date: Tue, 10 May 2011 04:59:22
To: DotNetDevelopment, VB.NET, C# .NET, ADO.NET, ASP.NET, XML, XML Web Services,.NET Remoting<[email protected]>
Reply-To: [email protected]
Subject: [DotNetDevelopment] Re: SQL Injection and parameterization?

Assuming you intend to set the parameter via code, it helps to know that the SqlParameter class has some built-in validation directed towards SQL injection, but Steve's warning still holds. In a high security scenario, no amount of validation can be termed "sufficient", but you can surely put in measures that will help you sleep soundly at night (or day, depending on your inclination).

On May 10, 5:03 am, Davej <[email protected]> wrote:
> SELECT *
> FROM EMPLOYEE
> WHERE LastName = @LastName;
>
> On May 2, 2:34 am, Cerebrus <[email protected]> wrote:
>
> > Define "parameterized string".
>
> > On Apr 29, 9:58 pm, Davej <[email protected]> wrote:
>
> > > Can parameterized strings still be vulnerable to SQL injection?

--
You received this message because you are subscribed to the Google Groups "DotNetDevelopment, VB.NET, C# .NET, ADO.NET, ASP.NET, XML, XML Web Services,.NET Remoting" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/dotnetdevelopment?hl=en?hl=en
or visit the group website at http://megasolutions.net
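
Added example, not part of the original thread: the query quoted above run once with the value concatenated into the SQL text and once with it bound as a parameter, plus an allow-list check as one extra "measure". It assumes an in-memory SQLite table in place of SQL Server/ADO.NET so it runs offline; the rows, the function names and the surname pattern are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample rows; table and column names follow the quoted query.
ROWS = [("Smith",), ("O'Brien",), ("Jones",)]

# Hypothetical allow-list for surnames: letters, space, apostrophe, hyphen.
LAST_NAME_RE = re.compile(r"[A-Za-z' \-]{1,50}")


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EMPLOYEE (LastName TEXT)")
    db.executemany("INSERT INTO EMPLOYEE VALUES (?)", ROWS)
    return db


def find_concatenated(db, last_name):
    # 'Before' form: the input becomes part of the SQL text, so quotes in
    # the value change the statement the database parses.
    sql = "SELECT * FROM EMPLOYEE WHERE LastName = '" + last_name + "'"
    return db.execute(sql).fetchall()


def find_parameterized(db, last_name):
    # Bound form: the SQL text is constant and the value is sent separately,
    # so it is only ever compared as data. :LastName is SQLite's spelling
    # of the thread's @LastName placeholder.
    sql = "SELECT * FROM EMPLOYEE WHERE LastName = :LastName"
    return db.execute(sql, {"LastName": last_name}).fetchall()


def is_plausible_last_name(value):
    # Extra input check applied before the query; it complements binding
    # and does not replace it.
    return LAST_NAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    db = open_db()
    probe = "x' OR 'a'='a"  # constructed test input
    print("concatenated :", find_concatenated(db, probe))
    print("parameterized:", find_parameterized(db, probe))
    print("O'Brien bound:", find_parameterized(db, "O'Brien"))
    print("allow-list   :", is_plausible_last_name(probe))
```

A legitimate name such as O'Brien also breaks the concatenated form with a syntax error, which is a quick way to spot string-built SQL during code review or testing.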
