SQL injection?

John · Feb 22, 2006

Is it possible for SQL injection to be used through the Edit feature on an
asp.net 2005 data grid view control?

Ken Cox - Microsoft MVP · Feb 22, 2006

Are you using stored procedures? That's usually the safe way.

Darren Kopp · Feb 23, 2006

Dragon · Mar 1, 2006

I use the SqlCommand object and pass the value through parameter.
it will escape the character itself.
enough to avoid injection, maybe.

Ken Cox - Microsoft MVP · Mar 1, 2006

Here's something that just came out that will ensure you don't get hit:

http://www.microsoft.com/downloads/...92-7ad9-496c-9a89-af08de2e5982&displaylang=en

Ken
Microsoft MVP [ASP.NET]

Search Results with Pagination	1	Oct 25, 2024
Best Method to Recover Corrupted SQL Database Files	2	Jan 7, 2025
Procedure Invalid Identifier in SQL / PLSQL	1	Jul 26, 2022
How can I click on an entry of my Kendo/Telerik Grid and show more detailed information in a Detail view?	0	Sep 13, 2022
SQL 2008 DTSX SSIS with SQL 2022 Developer	1	May 19, 2023
SQL Injection detection	1	Mar 12, 2008
Hey can anyone tell me why input data wont save in my database?	2	Jun 15, 2024
Artificial Intelligence Proposal	2	Mar 28, 2024

Ask a Question