Here i am using a funtion in .net core serverside, every thing works fine here.
Here the issue related to security.
Here jtSorting contains a string value and jsonAdvancedSearchFilterCriteria contains a JSON.stringify value, these two are affected by SQL Injection. Anyone help on this to solve?
public JsonResult List(string extraParams, int jtStartIndex = 0, int jtPageSize = 0, string jtSorting = null, string jsonAdvancedSearchFilterCriteria = null)
{
try
{
var returnData = objCustomBusiness.List(extraParams, jtStartIndex, jtPageSize, jtSorting, jsonAdvancedSearchFilterCriteria);
return Json(new
{
Result = returnData.Result,
Records = returnData.Records,
TotalRecordCount = returnData.TotalRecordCount
});
}
catch (Exception ex)
{
return Json(new { Result = "ERROR", Message = ex.Message });
}
}