BLOG CHAT: SQL Injection

DotNetKicks.com — Fri, 11 Jul 2008 17:16:53 GMT

You've been kicked (a good thing) - Trackback from DotNetKicks.com

re: BLOG CHAT: SQL Injection

Neil Carpenter — Fri, 11 Jul 2008 21:33:22 GMT

Excellent idea! I hope I can make it.

re: BLOG CHAT: SQL Injection

Ronnie Hoogland — Mon, 14 Jul 2008 15:56:10 GMT

Tom,

why is this such an hot topic? If you use parameters with your sqlCommand you shouldn't be affected by sql injection? or am i missing something?

re: BLOG CHAT: SQL Injection

Tom — Mon, 14 Jul 2008 20:16:26 GMT

Ronnie,

That is correct, I have had a few posts recently on this topic and there was a lot of discussion around that then. The main problem is with all the code that is already there, and that sometimes people don't think to use that. But that would be a good question for the chat if you come :)

Take a look at:

http://blogs.msdn.com/tom/archive/2008/05/29/sql-injection-and-how-to-avoid-it.aspx

http://blogs.msdn.com/tom/archive/2008/06/02/sql-injection-continued.aspx

http://blogs.msdn.com/tom/archive/2008/06/26/sql-injection-some-tools-to-help.aspx