sql injection

Question

if i use stored procedure in my website,is it possible hackers use sql injection in my website?
and how can i send some information to next page like qureystring but send information do not show in url?

Kirtan Patel · Answer

Hi, Friend, by the way the chances are very rar to Inject SQl when you are using Stored Procedure . but still if you want to Use Query String then you need to filter The String hat you get From the Query String .. like if Data you passing to Database Contain Symbolic data like " ' % & " = " then don't do process and Show user Error by this characters user can sql inject :) you can do this By Validating String using RegEx or Simply using if condition like string x = "Test "; if( x.Contain('&') == true) { //refuse user to process } else { /// Do Process on Database }

bahare g · Answer

i have very visitor and i have very page that i need send information to another page,if i use session,is it possible use much session become cause error or low speed to return value?please describe about away of sql injection with stored procedure.

Kirtan Patel · Answer

You can use sessions to send information . to another page without showing it in url and still if you use Query String then dont forget to Validate it before sending it to database you can use session like below Page 1 -------- string x= "SampleData For sending to Page 2"; Session["Data"] = x; now retrieve it in page 2 -------------------------- if ( Session["Data"] != null) { string RetrivedData = Session["Data"].ToString(); } if my answer helped you then check " Do you like this answer check box please :)

sql injection

Answers (3)