Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Examples of SQL injection even when using SQLParameter in .NET?

Tags:

.net

sql

sql-server

ado.net

I heard that SQL Injection can still be possible when using ADO.NET SQLParameter (paramterised query) for SQL Server.

I am looking for real examples in C#/VB code as proof.

EDIT: I am looking for SPECIFIC working examples. Not introductions to sql injection or how to prevent it.

like image 836
Tony_Henrich Avatar asked Mar 01 '23 07:03

Tony_Henrich

1 Answers

If you're creating a statement in a stored proc and using sp_executesql, a parameterized query is a false safety net.

like image 68
Austin Salonen Avatar answered Mar 03 '23 06:03

Austin Salonen
Sign in to Comment

Related questions

How do you use the CopyIntoItems method of the SharePoint Copy web service?
.NET inter-process "events"
Should I pass sensitive data to a Process.Start call in .NET?
LINQ to SQL architecture. What is best?
Hosted Source Control?
Read file that is used by another process
What is the cause of System.IO.IOException on windows XP embedded version?
How to write an entity comparator in C# (with example code of first attempt) [duplicate]
Installing .NET Windows Service
WinForm Calendar. Is there a freeware one?
Performing your own runtime analysis of your code in C#
How to move all coordinate from a WPF PolyLine object?
Fastest way to move a part of an array to the right
C# class size calculation
MsgBox is coming below the Splash screen in VB.NET
How to notify my JS client without polling?
Firefox ignores Response.ContentType
C# - Multiple generic types in one list II
I know I'm doing validation wrong. Please persuade me to stop :)
Is it a bad idea to put frequent file I/O operations within a SyncLock block?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!