How do I prevent SQL Injection?
There are several ways to prevent SQL Injection. One method is to validate each input, ensuring that no special characters or SQL sub-strings enter your query. An attacker might still slip through such a validation filter. A stronger approach is to avoid building dynamic SQL queries when querying the database. CallableStatements and PreparedStatements in Java, and ADOCommand objects in ASP.Net, all use pre-compiled queries that are safe from SQL Injection.
We discussed these techniques in this Palisade Quiz.
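As an added example (not from the original page or the quiz), here is the dynamic-query pattern the answer warns against beside its pre-compiled form, using Python's standard sqlite3 module in place of the Java and ADO.Net drivers named above; the `?` placeholder plays the role of a PreparedStatement parameter. The users table, its rows and the simple allow-list filter are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn

def lookup_dynamic(conn, name):
    """Vulnerable: the input is concatenated into the SQL text, so quote
    characters in it change the statement itself. Returns None when the
    assembled SQL no longer parses (e.g. a legitimate name containing ')."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None

def lookup_prepared(conn, name):
    """Safe: the statement is compiled with a placeholder and the value is
    passed separately, so it is only ever treated as data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]

def validate_name(name):
    """The weaker filter approach: an allow-list of letters, digits and
    underscore. It blocks quote characters, but also rejects real names
    such as o'brien, which the prepared statement handles correctly."""
    return re.fullmatch(r"[A-Za-z0-9_]+", name) is not None

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"      # constructed input containing a quote
    print(lookup_dynamic(db, hostile))    # every row: the WHERE clause was rewritten
    print(lookup_prepared(db, hostile))   # []: matched literally, nothing found
    print(lookup_dynamic(db, "o'brien"))  # None: the concatenated SQL is broken
    print(lookup_prepared(db, "o'brien")) # ["o'brien"]
```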