http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspxMy previous post on this topic generated so much discussion that I thought I should post about it some more.&#160; Specifically I wanted to write about means of checking your code for possible SQL Injection problems. The first means of checking, if youen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8569589Mon, 02 Jun 2008 18:43:41 GMT91d46819-8472-40ad-a661-2c78acb4018c:8569589DotNetKicks.com<p>You've been kicked (a good thing) - Trackback from DotNetKicks.com</p> http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571106Tue, 03 Jun 2008 10:05:21 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571106roger<p>I have been attacked 6 times within 2 weeks and cant run my business. Whats the best way to stop this?</p>http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571184Tue, 03 Jun 2008 11:01:58 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571184Shail<p>Hi Tom,</p> <p>So I am using Visual Studio 2005 professional edition ( we can not afford to have VS 2008 right now ). Now how I can use it to detect SQL Injection pron queries, Also what other tools or add-ins I can use with my professional edition so that I can detect XSS attacks and any other possible threats.</p> <p>Something like I ask the &quot;tool&quot; check my code for all possible attacks and vulnerability.</p> <p>Can you please suggest something ??</p> <p>Thanks,</p> <p>Shail</p>http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571247Tue, 03 Jun 2008 11:53:53 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571247StevenMcD<p>Maybe its just me, but I feel inline SQL is incredibly bad design. Especially with the introduction of LiNQ. To me, there is no longer a reason to include inline SQL in any project ever.</p>http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571627Tue, 03 Jun 2008 17:53:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571627Tom<p>Roger,</p> <p>Are you discovering problems or they are just trying to get in? &nbsp;If you have problems, I'd suggest contacting someone to help you figure out how you can stop the attacks. &nbsp;If you are using Microsoft products, we will be glad to assist you in locking down the server and protecting it. &nbsp;So my &quot;Contacting Tom&quot; post:</p> <p><a rel="nofollow" target="_new" href="http://blogs.msdn.com/tom/archive/2007/11/15/contacting-tom.aspx">http://blogs.msdn.com/tom/archive/2007/11/15/contacting-tom.aspx</a></p> <p>For information on how to contact support.</p> http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571631Tue, 03 Jun 2008 17:59:25 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571631Tom<p>Shail,</p> <p>Have you checked the tools that I linked to this post? &nbsp;The 3 towards the bottom don't rely on VS2008 and may help you.</p> http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8571635Tue, 03 Jun 2008 18:00:45 GMT91d46819-8472-40ad-a661-2c78acb4018c:8571635Tom<p>StevenMcD,</p> <p>While I agree that Linq does help a lot, there are still some legacy projects that have this code it is that someone may be update to upgrade to Linq right away. &nbsp;Hopefully I will have a post about Linq soon to help with this also.</p> http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8573781Wed, 04 Jun 2008 21:36:16 GMT91d46819-8472-40ad-a661-2c78acb4018c:8573781theredhead<p>Tom, great to see this, too bad I didn't see it until now!</p>http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx#8765965Wed, 23 Jul 2008 08:34:45 GMT91d46819-8472-40ad-a661-2c78acb4018c:8765965jay<p>hi tom</p> <p>im jay and im a comsci student..At this moment im still searching for my thesis..&quot;SQL Injection Analysis: Attacks and Vulnerabilities&quot;</p> <p>i want to ask some opinion from you.</p> <p>you can email me at (me_comsci@yahoo.com)</p>