How to use SQL Injection while insert a record

Posted by Sksamantaray under ASP.NET on 11/22/2011 | Points: 10 | Views : 3261 | Status : [Member] | Replies : 5

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi,
While using an input screen you came to know that certain fields accept single quote.
This is a input screen only.
In such a situation can a database table be manipulated?

Thanks,
Sanjay

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: Sksingh on: 12/19/2011 [Member] Starter | Points: 25

0	Hi, Try this link http://www.codeproject.com/KB/web-security/SqlInjection.aspx Regards, Sunil Sksamantaray, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Sksamantaray on: 12/19/2011 [Member] Silver | Points: 25

0	Hi, I have already gone through this link,which has talked about sql injection while searching something. But my question is related to insert/Input screen. Thanks, Sanjay Sksamantaray, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Swapnil on: 12/19/2011 [Member] Starter | Points: 25

0	Hi Sksamantaray, Following link has answer to your question + more... Hope it will be helpful. http://www.securiteam.com/securityreviews/5DP0N1P76E.html Thanks, Swapnil Thanks and Regards, Swapnil Sksamantaray, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Swapnil on: 12/19/2011 [Member] Starter | Points: 25

0	In above answer check for point no. 7. After giving more thought on your scenario, there are 2 option possible. 1. Either through query string. 2. Either through input values entered by the user in your entry form. As per my understanding you would not have query string in case of Insert. so 2nd option is possible. yes in 2nd option database table can be manipulated if it is not handled carefully. see this http://stackoverflow.com/questions/681583/sql-injection-on-insert for more info. Thanks, Swapnil Thanks and Regards, Swapnil Sksamantaray, if this helps please login to Mark As Answer. \| Alert Moderator

In above answer check for point no. 7.

After giving more thought on your scenario, there are 2 option possible.
1. Either through query string.
2. Either through input values entered by the user in your entry form.

As per my understanding you would not have query string in case of Insert. so 2nd option is possible. yes in 2nd option database table can be manipulated if it is not handled carefully. see this http://stackoverflow.com/questions/681583/sql-injection-on-insert for more info.

Thanks,
Swapnil

Thanks and Regards,
Swapnil

Sksamantaray, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: perfectchourasia-9163 on: 12/21/2011 [Member] Starter | Points: 25

0	When you retreive value such that String Name=Textbox1.text.Replace(",","").Tostring().Trim(); To overcome the problem of sqlinjection Replace the sensitive input. ER sandeep chourasia sandeepchrs@yahoo.com (on facebook) http://www.aspnetcodes.com/ Sksamantaray, if this helps please login to Mark As Answer. \| Alert Moderator

Latest Posts