We will be posting many tips on managing your database as well as tips on managing your web hosting environment. This tip is on SQL Injection so you can learn how to protect your database¬†from hackers. Here you go — free on us — compliments of http://www.sozohosting.com/ and also compliments of http://www.biznesstechnologies.com/ :

How do I stop SQL Injectons In My Application?

SQL injections are performed by hackers using your application code to run SQL statements that you did not plan on. SQL injections can occur if you have edit boxes that allow users to enter some text and then you use that text they entered tacking it on to the end of a standard SQL lookup statement and then run that concatenated SQL statement against your database.

To stop SQL injections, you should first know a lot about SQL commands and how to avoid writing code that lets users run a SQL statement other than what SQL you wanted to perform. You should add client side valiation to your code on all places where users can enter some text into a text box on your application screens. Do not allow the following characters in an input box:

percent sign, greater than sign, less than sign, semi-colon, single quote, double quote….

You also could limit text entered on your application screen’s edit boxes to only be a-z characters, and/or 0-9 digits as that is even more protection.

Click on these links below and read the information for further instructions (like always using stored procedures) on how to protect your websites against SQL injections.

http://msdn.microsoft.com/en-us/library/ms998271.aspx
http://blogs.msdn.com/tom/archive/2008/05/29/sql-injection-and-how-to-avoid-it.aspx

Categories: Uncategorized ,Web Hosting ,Web Hosting and Database Tips


Leave a Reply

You must be logged in to post a comment.