Hi,
I am developing a website with SDLC practices. How can I secure my website from SQL injection? After getting values from the UI (values from the end user), I send them to the DAL with the query as well as the values. How can I secure my site?
Example
UI:
id = textbox.Text;
psw = textbox2.Text;
dt.exec_cmd("insert into mytable(id,psw) values('" + id + "','" + psw + "')");
DAL:
void exec_cmd(string msg)
{
    objsqlcmd = new SqlCommand(msg, constr);
    objsqlcmd.ExecuteNonQuery();
}
Should I go with if (tbx.length > 0) or tbx.trim(), or some other way?
Is there any optimal way to achieve this function in the DAL?
Regards
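
An added example, not part of the original post: the same insert written with ADO.NET parameters, so the DAL receives constant SQL text plus typed values instead of a concatenated string. A length check or Trim() does not change how the SQL text is parsed; parameter binding does. The class name `Dal`, the methods `ExecNonQuery` and `InsertUser`, and the column types and sizes are assumptions; `mytable`, `id` and `psw` come from the post.

```csharp
using System.Data;
using System.Data.SqlClient;

// Hypothetical DAL class; names other than mytable, id and psw are assumptions.
public sealed class Dal
{
    private readonly string _connectionString;

    public Dal(string connectionString)
    {
        _connectionString = connectionString;
    }

    // The SQL text is a constant with @placeholders; values travel separately
    // as typed parameters and are never parsed as SQL.
    public int ExecNonQuery(string sql, params SqlParameter[] parameters)
    {
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddRange(parameters);
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public int InsertUser(string id, string psw)
    {
        const string sql = "INSERT INTO mytable (id, psw) VALUES (@id, @psw)";
        return ExecNonQuery(sql,
            // Column types and sizes are assumed; match them to the real schema.
            new SqlParameter("@id", SqlDbType.NVarChar, 50) { Value = id },
            new SqlParameter("@psw", SqlDbType.NVarChar, 128) { Value = psw });
    }
}

// UI layer: pass the raw text box values; no quoting or escaping is needed.
// var dal = new Dal(connectionString);
// dal.InsertUser(textbox.Text, textbox2.Text);
```

With this shape the DAL never accepts a finished query string built from user input, so a quote character in either text box is stored as data rather than ending the string literal.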