The various techniques used to prevent SQL injections are:
1. Parameterized query
2. Stored procedure
3. Regular expression to discard input string
4. Quoteblock function
5. Don't show detailed error messages to the user
6. Use a less privileged database user/role for your application
http://www.codeproject.com/KB/web-security/SqlInjection.aspx
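An added example (not from the original page or the linked article) showing techniques 1, 3 and 5 together, using Python's built-in `sqlite3` module. The table, column names, sample rows, the `NAME_RE` pattern and the function names are all constructed for this illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("app")

def make_db():
    # Constructed sample data; schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("O'Brien", "ob@example.test")])
    return db

def find_concatenated(db, name):
    # Anti-pattern: the input becomes part of the SQL text, so a single
    # quote inside it changes the structure of the statement.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, name):
    # Technique 1: the value is bound separately and never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE name = ?",
                      (name,)).fetchall()

# Technique 3: allow only the characters a name is expected to contain.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,63}")

def lookup(db, name):
    if not NAME_RE.fullmatch(name):
        return {"ok": False, "error": "invalid input"}
    try:
        rows = find_parameterized(db, name)
    except sqlite3.Error:
        # Technique 5: full details go to the server log, not to the user.
        log.exception("user lookup failed")
        return {"ok": False, "error": "request failed"}
    return {"ok": True, "emails": [r[0] for r in rows]}
```

The legitimate name `O'Brien` breaks the concatenated query but is handled correctly by the parameterized one, which is why validation alone (technique 3) is a supplement to parameter binding rather than a replacement for it.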