Input Validation


Aside from the business need to ensure that your databases maintain valid and consistent data, you must validate data prior to submitting it to the database to prevent SQL injection. If your data access code receives its input from other components inside the current trust boundary and you know the data has already been validated (for example, by an ASP.NET Web page or business component), then your data access code can omit extensive data validation. Even so, make sure you use SQL parameters in your data access code, because they check input for type and length. The next section discusses the use of SQL parameters.
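One way to structure this in ADO.NET, as an added example that is not code from the book: a validating entry point for input from outside the trust boundary, and a direct entry point for callers that have already validated, both using a typed, sized SQL parameter. The class and method names, the ID format, and the `authors` table with its `au_id` and `au_lname` columns are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class AuthorData
{
    // Assumed ID format (nnn-nn-nnnn, 11 chars); \A and \z anchor the whole
    // string so a trailing newline cannot slip past the check.
    private static readonly Regex AuthorIdFormat =
        new Regex(@"\A[0-9]{3}-[0-9]{2}-[0-9]{4}\z");

    public static bool IsValidAuthorId(string authorId)
    {
        return authorId != null && AuthorIdFormat.IsMatch(authorId);
    }

    // Entry point for input from outside the trust boundary.
    public static string GetLastNameUntrusted(string connStr, string authorId)
    {
        if (!IsValidAuthorId(authorId))
            throw new ArgumentException("Author ID format is invalid.", "authorId");
        return GetLastName(connStr, authorId);
    }

    // Entry point for callers inside the trust boundary that have already
    // validated authorId. The query is parameterized on both paths.
    public static string GetLastName(string connStr, string authorId)
    {
        const string sql = "SELECT au_lname FROM authors WHERE au_id = @au_id";
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Typed, sized parameter: sent as VARCHAR(11) data, never as SQL text.
            cmd.Parameters.Add("@au_id", SqlDbType.VarChar, 11).Value = authorId;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : (string)result;
        }
    }

    public static void Main()
    {
        // Constructed inputs; only the validator runs, so no database is needed.
        string[] samples = { "172-32-1176", "172-32-1176\n", "172-32-1176'--" };
        foreach (string s in samples)
            Console.WriteLine("len={0,2} valid={1}", s.Length, IsValidAuthorId(s));
    }
}
```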




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
