How to use SQL injection while inserting a record

Posted by Sksamantaray under ASP.NET on 11/22/2011 | Points: 10 | Views : 2332 | Status : [Member] | Replies : 5
Hi,
While using an input screen, you come to know that certain fields accept a single quote.
This is an input screen only.
In such a situation can a database table be manipulated?

Thanks,
Sanjay



Responses

Posted by: Sksingh on: 12/19/2011 [Member] Starter | Points: 25

Hi,
Try this link http://www.codeproject.com/KB/web-security/SqlInjection.aspx

Regards,
Sunil


Posted by: Sksamantaray on: 12/19/2011 [Member] Silver | Points: 25

Hi,
I have already gone through this link, which talks about SQL injection while searching for something.
But my question is related to insert/Input screen.


Thanks,
Sanjay


Posted by: Swapnil on: 12/19/2011 [Member] Starter | Points: 25

Hi Sksamantaray,

The following link has the answer to your question and more. Hope it will be helpful.

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Thanks,
Swapnil

Thanks and Regards,
Swapnil


Posted by: Swapnil on: 12/19/2011 [Member] Starter | Points: 25

In the above answer, check point no. 7.

After giving more thought to your scenario, there are 2 options possible.
1. Either through the query string.
2. Or through input values entered by the user in your entry form.

As per my understanding, you would not have a query string in the case of an insert, so the 2nd option is possible. Yes, in the 2nd option the database table can be manipulated if it is not handled carefully. See http://stackoverflow.com/questions/681583/sql-injection-on-insert for more info.

Thanks,
Swapnil

Thanks and Regards,
Swapnil
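
Added example, not part of the original thread: the case described in the reply above (values typed into an entry form reaching an INSERT), shown as a concatenated statement beside a parameterized one. It uses Python's sqlite3 with an in-memory database so it runs offline, rather than the thread's ASP.NET stack; the members table, its columns and the form values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table standing in for the form's target table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, comment TEXT, is_admin INTEGER)")
    return db

def insert_concatenated(db, name, comment):
    # Vulnerable: form values are pasted into the SQL text, so a single quote
    # in a field ends the string literal and the rest is parsed as SQL.
    sql = ("INSERT INTO members (name, comment, is_admin) "
           "VALUES ('" + name + "', '" + comment + "', 0)")
    db.execute(sql)

def insert_parameterized(db, name, comment):
    # Hardened: the SQL text is fixed; values travel separately as parameters
    # and are only ever treated as data.
    db.execute("INSERT INTO members (name, comment, is_admin) VALUES (?, ?, 0)",
               (name, comment))

def rows(db):
    return db.execute("SELECT name, comment, is_admin FROM members").fetchall()

# Constructed form input: the comment field closes its own literal, supplies
# the is_admin value itself, and comments out the rest of the statement.
FORM_NAME = "alice"
FORM_COMMENT = "hello', 1) --"

def demo():
    weak, safe = make_db(), make_db()
    insert_concatenated(weak, FORM_NAME, FORM_COMMENT)
    insert_parameterized(safe, FORM_NAME, FORM_COMMENT)
    return rows(weak), rows(safe)

if __name__ == "__main__":
    weak_rows, safe_rows = demo()
    print("concatenated :", weak_rows)
    print("parameterized:", safe_rows)
```

In ADO.NET the counterpart of the parameterized version is a SqlCommand whose values are supplied through its Parameters collection instead of being concatenated into CommandText.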


Posted by: perfectchourasia-9163 on: 12/21/2011 [Member] Starter | Points: 25

When you retrieve the value, such as:

string Name = Textbox1.Text.Replace(",", "").ToString().Trim();

To overcome the problem of SQL injection, replace the sensitive input.

ER sandeep chourasia
sandeepchrs@yahoo.com (on facebook)
http://www.aspnetcodes.com/
