Sample validation code for SQL injection attack


Guest

Hi,

Can anybody give me sample code where the SQL injection attack is
validated?

How can I do that in the business logic layer and pass the error to the
presentation tier?

I want the sample code.

Thanks,
bye
ss
 
If your code is safe from SQL injections, an attempt to do one shouldn't
result in an error message, as it doesn't cause any error.

The easiest way to prevent SQL injections is to use parameterized
queries. That way the command object takes care of encoding the values
correctly.

Additional security can be achieved by only using stored procedures in
the queries, and limiting the database user to only have permission to run
stored procedures. That way it's not even possible to execute an SQL
query using the connection.
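
An added example, not part of the original posts: a data access layer that binds values as parameters, and a business logic layer that checks a business rule and raises an error for the presentation tier to display. Python with `sqlite3` is an assumption (the thread names no language or database); the table, function names, name rule and sample rows are constructed for illustration.

```python
import re
import sqlite3

class ValidationError(Exception):
    """Raised by the business layer; the presentation tier shows its message."""

# --- Data access layer: values are bound as parameters, never concatenated ---
def find_customers(conn, name):
    cur = conn.execute("SELECT id, name FROM customers WHERE name = ?", (name,))
    return cur.fetchall()

def find_customers_unsafe(conn, name):
    # The 'before' form, for contrast only: input becomes part of the SQL text.
    cur = conn.execute("SELECT id, name FROM customers WHERE name = '" + name + "'")
    return cur.fetchall()

# --- Business logic layer: enforces a business rule (hypothetical name format).
# It does not hunt for "SQL-looking" text; the DAL's binding is the defence.
NAME_RULE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,49}")

def search_customers(conn, name):
    name = name.strip()
    if not NAME_RULE.fullmatch(name):
        raise ValidationError("Name must be 1-50 letters, spaces, ' or -.")
    return find_customers(conn, name)

def make_db():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)",
                     [("Alice",), ("O'Brien",), ("Bob",)])
    return conn

if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"                      # constructed test input
    print(len(find_customers_unsafe(conn, probe)), "rows from concatenated SQL")
    print(find_customers(conn, probe), "from the parameterized query, no error")
    print(search_customers(conn, "O'Brien"))    # legitimate apostrophe still works
    print(search_customers(conn, "a' OR 'a"))   # passes the rule, matches nothing
    try:
        search_customers(conn, "Bob; 123")
    except ValidationError as exc:
        print("shown to user:", exc)
```

The parameterized call returns an empty result rather than an error for the probe string, so the only error that reaches the presentation tier is the business-rule failure.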
 
You must also ensure that your stored procs are safe from injection. A lot
of the search examples in this newsgroup are not safe.

-- bruce (sqlwork.com)
 
Hi,
I asked for sample code to validate the SQL injection in the business
logic layer and data access layer.

I knew these things, like what to do against an SQL injection attack.

All that I wanted is validation logic in the BLL & DAL.

bye
ss
 