Thursday, 7 August 2014

Welcome to Code Scratcher, the best blog for coding things. I think you are in the right place.


Here I will explain how to prevent SQL injection attacks in an ASP.NET website, with an example in C# and VB.NET. SQL injection means sending SQL commands through web page input so that they are executed as part of the application's own SQL statements; an attacker can use this to read, change or delete the data in your tables.


C# code

SqlCommand cmd = new SqlCommand("select Name,Total=value from countrydetails where value =@value", con);
cmd.Parameters.AddWithValue("@value", txtSearch.Text);
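To show why the parameterised form above is the fix, here is an added example (not code from the original post) that puts the vulnerable string-concatenation pattern next to the parameterised one. The table name countrydetails and its columns come from the post; the Name column length, the connection string and the search on Name instead of value are assumptions, chosen so that a country name containing an apostrophe demonstrates the difference.

```csharp
// Added example, not the post's own code. Assumes a table countrydetails
// with an NVARCHAR(100) Name column; the connection string is a placeholder.
using System;
using System.Data;
using System.Data.SqlClient;

public static class CountrySearch
{
    // Placeholder connection string; replace with your own.
    private const string ConnectionString =
        "Server=.;Database=YourDb;Integrated Security=true;";

    // VULNERABLE: the user's text is pasted into the SQL grammar itself.
    // A perfectly ordinary value such as "Côte d'Ivoire" already closes the
    // string literal early and breaks the statement; a crafted value can
    // change what the statement does.
    public static string BuildUnsafeQuery(string userInput)
    {
        return "select Name, Total = value from countrydetails where Name = '"
               + userInput + "'";
    }

    // SAFE: the value is sent as a typed parameter. SQL Server compiles the
    // statement with @name as a placeholder and never parses the value as
    // SQL, so quotes and keywords inside it are just data.
    public static SqlCommand CreateSafeCommand(SqlConnection con, string userInput)
    {
        var cmd = new SqlCommand(
            "select Name, Total = value from countrydetails where Name = @name", con);
        cmd.CommandType = CommandType.Text;

        // Explicit type and size rather than AddWithValue: AddWithValue infers
        // an NVARCHAR whose length equals the input, which can defeat index
        // use and bloat the plan cache. Match the column definition instead.
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = userInput;
        return cmd;
    }

    public static void Main()
    {
        string input = "Côte d'Ivoire";   // constructed sample input

        // Prints the broken statement; the apostrophe has ended the literal.
        Console.WriteLine(BuildUnsafeQuery(input));

        using (var con = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = CreateSafeCommand(con, input))
        {
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                    Console.WriteLine("{0}: {1}", rdr["Name"], rdr["Total"]);
            }
        }
    }
}
```

In an ASP.NET page, userInput would be txtSearch.Text exactly as in the post; the point is that the text box value must only ever reach the database through a parameter, never through string concatenation or String.Format. The parameter is the control that stops injection; input validation on top of it is useful for data quality but is not a substitute.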


This is the end of the post.