SQL Injection

Courtesy: uber:ASP.Net

By now you’re probably familiar with the risk of SQL injection attacks. Just to refresh your memory, this is when a naughty user of your site gets actual SQL statements to execute by way of a form on your page. If you concatenate strings to form SQL commands, you’re at risk. Consider this spot of code:

    // Form input is concatenated straight into the SQL text.
    string sql = "SELECT * FROM User WHERE Name = '" + NameTextBox.Text + "' AND Password = '" + PasswordTextBox.Text + "'";

Seems innocent enough, right? If someone knows that your code looks like that, you could be in a world …
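The concatenated query above next to a parameterized equivalent, as an added example that is not code from the original article. It assumes SQL Server through System.Data.SqlClient; the class name, parameter names, column sizes and sample input are hypothetical, and no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQuery
{
    // Vulnerable form from the article: input becomes part of the SQL text.
    public static string BuildConcatenated(string name, string password)
    {
        return "SELECT * FROM User WHERE Name = '" + name +
               "' AND Password = '" + password + "'";
    }

    // Hardened form: the SQL text is a constant and the values travel
    // separately as typed parameters, so they are never parsed as SQL.
    // [User] is bracketed because USER is a reserved word in SQL Server.
    // Column sizes (64, 128) are assumed for illustration.
    public static SqlCommand BuildParameterized(string name, string password)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM [User] WHERE Name = @name AND Password = @password");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = name;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a legitimate name containing a single quote.
        string name = "O'Brien";
        string password = "example-password";

        // The quote ends the string literal early, so the structure of the
        // statement now depends on what the user typed.
        Console.WriteLine(BuildConcatenated(name, password));

        using (SqlCommand cmd = BuildParameterized(name, password))
        {
            // The command text is identical for every input.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```

To execute the parameterized command, assign an open SqlConnection to `cmd.Connection` before calling `ExecuteReader()`.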