What should considered to prevent Injection in request forms ?
e.g : using Recaptcha, preventing SQL Injections, etc ... what other item should be consider ?
+1
A:
Recaptcha, like any other CAPTCHA is a mechanism to identify someone as human. This has nothing to do with SQL injection.
In order to prevent SQL injection attacks, the best form of defense is to use data access libraries as these contain anti SQL injection measures.
You should alway use parameterized queries and never simply build up a SQL string yourself and pass that to the database.
Oded
2010-03-08 10:10:28
@Oded , -1 because. I didn't mentioned that How to prevent from SQL Injection, as it has some article in Stackoverflow and on the web. I want to know whats the steps or tools or etc which can prevent from any injection (including sql injection )
Nasser Hadjloo
2010-03-08 10:34:44
@Nasser Hajloo - your question is very unclear in that case. You need to edit it and say you want to understand what steps tools use to prevent SQL injection. You also need to clarify what types of injection you mean.
Oded
2010-03-08 10:53:59
+1
A:
Parameterized queries are a must.
You should also validate your input, both on the client and server sides, prior to binding.
duffymo
2010-03-08 10:12:13
+2
A:
- sanitize all your inputs. all only the required stuff.
- always use POST as the method in your form.
- in your server side scripting, anything that got from user should not be directly input to query. retrieve value from db and do the comparison or any other relevent action
coder
2010-03-08 10:16:39