Preventing SQL injection attacks
SQL injection attacks are a very real problem, and too many applications still leave themselves vulnerable to them. If you develop a web application or website, you should be vigilant about unsafe database operations. Vulnerable in-line SQL exposes the database to a SQL injection attack, in which an attacker alters a SQL statement through a web form input box so that it produces a different result than originally intended. This is usually attempted on a form where the web application accesses the database to authenticate a user login. By not sanitizing user input, you expose your data to exploits such as this.
The accepted solution to mitigate SQL injection attacks is to create a parameterized stored procedure and call that from your code.
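The following is an added example, not code from this recipe: it places the vulnerable in-line SQL beside its parameterized form so the difference the recipe relies on is visible. It uses Python's sqlite3 in place of C# and SQL Server, and a plain parameterized statement rather than a stored procedure (sqlite3 has none); the Users table, its columns and its single row are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for a login table; not the CookbookDB schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, PasswordHash TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def login_inline(conn, username, password_hash):
    """Vulnerable: the submitted values are pasted into the SQL text, so a quote
    or operator inside them becomes part of the statement the database parses."""
    sql = ("SELECT COUNT(*) FROM Users WHERE Username = '" + username
           + "' AND PasswordHash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] == 1


def login_parameterized(conn, username, password_hash):
    """Hardened: the statement text is fixed and the values are bound as
    parameters, so the driver always treats them as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM Users WHERE Username = ? AND PasswordHash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] == 1


def try_login(login_fn, conn, username, password_hash):
    """Run one login routine and report the outcome instead of raising."""
    try:
        return "granted" if login_fn(conn, username, password_hash) else "denied"
    except sqlite3.Error as exc:
        # The inline version lands here whenever the input rewrote the statement.
        return "error: " + str(exc)


if __name__ == "__main__":
    db = make_db()
    # A name containing a quote is enough to change what the inline statement means.
    for name in ("alice", "o'brien"):
        print(name, "inline:", try_login(login_inline, db, name, "hash-of-alice-password"))
        print(name, "parameterized:", try_login(login_parameterized, db, name, "hash-of-alice-password"))
```

The inline routine already breaks on an ordinary apostrophe, which shows that the database is parsing user input as SQL; the parameterized routine simply reports no matching user.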
Getting ready
You need to create the CookbookDB database in your SQL Server before continuing this recipe. You will find the script in the _database scripts folder in the...