SQL Injection in ASP.Net

Last Reply 5 months ago By kalpesh

Posted 5 months ago

Hi,

I have a query below and would like to know what are best tools onlien if so any. Or if we can tell by looking at specific code below how to prevent sql injection from happening it: 

        public bool UpdateIETMPSRates(int nVersionID, string strTrainingPath, int nSoldierRate, bool bBaseTable)
        {
            string eTConnectionString = null;
            string str = "p_UpdateIETMPSRates";
            bool flag = false;
            try
            {
                eTConnectionString = base.GetIETConnectionString();
                SqlParameter[] sqlParameter = new SqlParameter[] { new SqlParameter("@VersionID", SqlDbType.Int), null, null, null };
                sqlParameter[0].Value = nVersionID;
                sqlParameter[1] = new SqlParameter("@TrainingPath", SqlDbType.Char, 2);
                sqlParameter[1].Value = strTrainingPath;
                sqlParameter[2] = new SqlParameter("@SoldierRate", SqlDbType.Int, 4);
                sqlParameter[2].Value = nSoldierRate;
                sqlParameter[3] = new SqlParameter("@BaseTable", SqlDbType.Bit);
                sqlParameter[3].Value = bBaseTable;
                SqlHelper.CommandTimeout = 0;
                SqlHelper.ExecuteNonQuery(eTConnectionString, CommandType.StoredProcedure, str, sqlParameter);
                flag = true;
            }
            catch (Exception exception1)
            {
                Exception exception = exception1;
                flag = false;
                ExceptionManager.Publish(exception);
            }
            return flag;
        }

 

Posted 5 months ago

Refer below article link to understand SQL Injection attack and Prevention mechanisms and Techniques in ASP.Net.

SQL Injection Attack, its examples and Prevention mechanisms and Techniques in ASP.Net

Also refer below link how to use stored procedure in better way.

Calling Update SQL Server Stored Procedures using ADO.Net