Data Security: Stop SQL Injection Attacks Before They Stop You — MSDN Magazine, September 2004
To prevent SQL injections:
1) Input validation
2) Parameteric query
3) Stored procedures
4) Limited previleges given to a user
5) Don’t spit out error messages; especially, never to a remote user.
Leave a Reply