Safe SQL Literals

Handle SQL injection

Making input data from the UI safe for SQL execution has been a problem on many sites, and the damage it has caused is known as SQL injection. Hackers are always looking at your website for loopholes. Still, people don't take care of these small issues, which cause financial loss and cost companies their clients. I am laying out sample code which would help you handle inputs against SQL injection. There are different samples available, and the one below is the one I see as the safest.

    public string SafeSqlLiteral(string strValue)
    {
        strValue = strValue.Replace("'", "''"); // Most important one! This line alone can prevent most injection attacks
        strValue = strValue.Replace("--", "").Replace("[", "[[]").Replace("%", "[%]").Replace(" OR ", "").Replace(" or ", "");
        // listing is cut off in the original after the replace chain; return added so the method compiles
        return strValue;
    }
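As an added example (not the post's own code), here is a Python port of the SafeSqlLiteral escaping run against a small constructed SQLite table, next to the same lookup done with a bound parameter so the driver handles the quoting; the `[...]` replacements are SQL Server LIKE-wildcard escapes and are kept in the port but not exercised by SQLite.

```python
import sqlite3


def safe_sql_literal(value: str) -> str:
    """Port of the C# SafeSqlLiteral replace chain from the post."""
    value = value.replace("'", "''")  # double the quote so it stays inside the literal
    return (value.replace("--", "")
                 .replace("[", "[[]")
                 .replace("%", "[%]")
                 .replace(" OR ", "")
                 .replace(" or ", ""))


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table with one name containing a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("alice",), ("o'brien",), ("bob",)])
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    """Query built by string concatenation around the escaped literal."""
    sql = "SELECT name FROM users WHERE name = '" + safe_sql_literal(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    """Same lookup with a bound parameter; no escaping code is needed."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    print(safe_sql_literal("o'brien"))      # o''brien
    print(lookup_concat(db, "o'brien"))     # ["o'brien"]
    print(lookup_param(db, "o'brien"))      # ["o'brien"]
```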