tags:

views:

246

answers:

4
Q: 

SQL injection attack on asp registration form pages?

I need to know the process of the SQL injection attack on registration form made by asp or asp.net ? this is a crucial question to me. thank you

+1  A: 

See How to avoid SQL Injection in ASP.net application

Galwegian  2009-07-15 13:20:11
A: 

Always validate the SQL query, remove any unwanted characters and use SQL Parameters to avoid SQL Injection.

James  2009-07-15 13:21:03
+4  A: 

here is a simple example:

screen input:

enter your name:  Bill'); delete from users --

build query

insert into users (name) values ('''+@Name+''')'

actual query:

insert into users (name) values ('Bill'); delete from users --')

what happens: all your users get deleted

FYI, not sure of the database you're using, but @Name is a variable, and "--" is a comment

KM  2009-07-15 13:21:17
+1 nice pseudocode
Mercer Traieste  2009-07-15 13:50:31
A: 

Use stored procedures to avoid SQL injection, also use Server.HtmlEncode(string input)

 2009-07-15 13:32:04

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP