I need to insert multiple rows at the same time (1000 rows) into a SQL Server database. I think the best way is to use SqlBulkCopy,
but I'm not sure how to parametrize insert queries to be safe from SQL injection.
Can you please help me? What is the best way to perform multiple insert statements (SQL injection safe)?
Thank you.
Developers can prevent SQL injection vulnerabilities in web applications by using parameterized database queries with bound, typed parameters, and by calling stored procedures through parameters as well (a stored procedure that builds dynamic SQL from its arguments is still injectable). This can be done in a variety of programming languages, including Java, .NET, PHP, and more.
Microsoft SQL Server includes a popular command-line utility named bcp for quickly bulk copying large files into tables or views in SQL Server databases. The SqlBulkCopy class allows you to write managed code solutions that provide similar functionality.
Types of SQL injection. SQL injections typically fall into three categories: in-band SQLi (classic), inferential SQLi (blind) and out-of-band SQLi. The categories are based on the channel the attack uses to retrieve backend data and on its damage potential.
Encryption is sometimes presented as a defence against SQL injection, but it does not prevent the injection itself; it only limits what an attacker can read once a query has been subverted. If confidential columns are stored encrypted and the key is not available to the database session the attacker controls, an injected query returns ciphertext rather than usable data. It does nothing against injected writes, deletes or privilege escalation, so it complements parameterized queries rather than replacing them.
The best way to insert multiple rows is by using SqlBulkCopy.
The SqlBulkCopy class is already safe from SQL Injection. So you don't have to worry about this.
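As an added example (this is not code from the original question or answer), here is what the two safe routes look like in C#: a parameterized single-row INSERT, and SqlBulkCopy fed from a typed DataTable. The table dbo.Customers(Id int, Name nvarchar(100), CreatedUtc datetime2), the connection string, the sample rows and the method names are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using Microsoft.Data.SqlClient;   // NuGet: Microsoft.Data.SqlClient (System.Data.SqlClient has the same API)

public static class BulkInsertExample
{
    // Table and column names are identifiers controlled by the code, never by user input.
    private const string DestinationTable = "dbo.Customers";

    // Build the rows to insert. Each value becomes a typed cell in a DataTable and is
    // never concatenated into SQL text, so a name like "O'Brien'; DROP TABLE ...;--"
    // is stored as exactly that string.
    public static DataTable BuildCustomerTable(IEnumerable<(int Id, string Name, DateTime CreatedUtc)> rows)
    {
        var table = new DataTable();
        table.Columns.Add("Id", typeof(int));
        table.Columns.Add("Name", typeof(string));
        table.Columns.Add("CreatedUtc", typeof(DateTime));

        foreach (var (id, name, createdUtc) in rows)
        {
            // Enforce the assumed nvarchar(100) width before the copy; SqlBulkCopy would
            // otherwise fail part-way through with a truncation error.
            if (name is null || name.Length > 100)
                throw new ArgumentException("Name is required and must be at most 100 characters");
            table.Rows.Add(id, name, createdUtc);
        }
        return table;
    }

    // Bulk-insert the whole DataTable in one transaction: all rows land or none do.
    public static void BulkInsert(string connectionString, DataTable table)
    {
        using var connection = new SqlConnection(connectionString);
        connection.Open();
        using var transaction = connection.BeginTransaction();

        // CheckConstraints is off by default for SqlBulkCopy; turn it on so CHECK
        // constraints on the target table are still enforced for bulk-loaded rows.
        using var bulk = new SqlBulkCopy(connection, SqlBulkCopyOptions.CheckConstraints, transaction)
        {
            DestinationTableName = DestinationTable,
            BatchSize = 1000,
            BulkCopyTimeout = 60,
        };
        // Explicit name-to-name mappings so the copy does not depend on column order.
        bulk.ColumnMappings.Add("Id", "Id");
        bulk.ColumnMappings.Add("Name", "Name");
        bulk.ColumnMappings.Add("CreatedUtc", "CreatedUtc");

        bulk.WriteToServer(table);
        transaction.Commit();
    }

    // Single-row counterpart using a parameterized INSERT: the same principle, values
    // travel as typed parameters rather than as part of the SQL string.
    public static int InsertOne(SqlConnection connection, int id, string name, DateTime createdUtc)
    {
        using var cmd = new SqlCommand(
            "INSERT INTO dbo.Customers (Id, Name, CreatedUtc) VALUES (@Id, @Name, @CreatedUtc)", connection);
        cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@CreatedUtc", SqlDbType.DateTime2).Value = createdUtc;
        return cmd.ExecuteNonQuery();
    }

    public static void Main()
    {
        // Constructed sample input, including a value that would break a concatenated query.
        var rows = new[]
        {
            (1, "Alice", DateTime.UtcNow),
            (2, "O'Brien'; DROP TABLE dbo.Customers;--", DateTime.UtcNow),
        };
        var table = BuildCustomerTable(rows);

        // Connection string is an assumption; point it at your own server and database.
        const string connectionString =
            "Server=localhost;Database=AppDb;Integrated Security=true;TrustServerCertificate=true";
        BulkInsert(connectionString, table);
    }
}
```

Two caveats worth knowing before relying on this. First, the cell values are injection-safe because SqlBulkCopy sends them over the bulk-load channel as typed data, but DestinationTableName and the column mapping names are identifiers, not parameters, so keep them hard-coded or validated against an allowlist rather than derived from request input. Second, SqlBulkCopy skips CHECK constraints and triggers unless you pass SqlBulkCopyOptions.CheckConstraints and SqlBulkCopyOptions.FireTriggers, so any validation you normally rely on the database to do must be switched on explicitly or done in code, as the length check above does.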