Hi,
I was wondering how to handle SQL injection using UniDAC components. Is there a standard method for protecting inserts and updates of data? Or do I need to filter all fields by myself? I found out that by using parameters my application is partially protected from SQL injection.
Thank you in advance for your support.
SQL injection vs insert and update data
Re: SQL injection vs insert and update data
If you want to protect against SQL injection at the protocol level, you can use secure connections to the server. You can get information about using a secure connection in our help: https://devart.com/mydac/docs/?secureco ... ctions.htm
When working with SQL Server and Oracle in the protocol, there are built-in tools for protecting the protocol from SQL injection. If you have any questions after reading our answer, please contact us and we will try to give you a detailed answer shortly.
If you want to protect yourself against SQL injection at the level of your application, to get an answer to your question, please ask a corresponding question at the specialized forums.
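The parameter binding mentioned in the question, shown for an INSERT and an UPDATE with `TUniQuery`. This is an added example, not code from the posters or from Devart. The in-memory SQLite connection, the `users` table and the sample values are assumptions made so the program is self-contained.

```delphi
program ParamBindingDemo;
{$APPTYPE CONSOLE}

uses
  SysUtils, Uni, SQLiteUniProvider;

const
  // Constructed hostile value: closes a string literal and appends SQL.
  Hostile = 'Bob''); DROP TABLE users; --';

var
  Conn: TUniConnection;
  Q: TUniQuery;
begin
  Conn := TUniConnection.Create(nil);
  Q := TUniQuery.Create(nil);
  try
    // Assumed test setup: in-memory SQLite. Use your own provider and server.
    Conn.ProviderName := 'SQLite';
    Conn.Database := ':memory:';
    Conn.Connect;
    Q.Connection := Conn;

    Q.SQL.Text := 'CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)';
    Q.Execute;

    // Unsafe pattern, left commented out: the value becomes part of the SQL text.
    // Q.SQL.Text := 'INSERT INTO users (name) VALUES (''' + Hostile + ''')';

    // INSERT: the statement text is constant; the value is sent as a parameter.
    Q.SQL.Text := 'INSERT INTO users (name) VALUES (:name)';
    Q.ParamByName('name').AsString := Hostile;
    Q.Execute;

    // UPDATE: bind both the new value and the key used in the WHERE clause.
    Q.SQL.Text := 'UPDATE users SET name = :name WHERE id = :id';
    Q.ParamByName('name').AsString := 'O''Brien';
    Q.ParamByName('id').AsInteger := 1;
    Q.Execute;

    // The table still exists; the row holds the bound value as plain text.
    Q.SQL.Text := 'SELECT name FROM users WHERE id = 1';
    Q.Open;
    Writeln(Q.Fields[0].AsString);
  finally
    Q.Free;
    Conn.Free;
  end;
end.
```

Parameters bind values only. Table names, column names or sort directions taken from user input cannot be passed as parameters and need to be checked against a fixed list before they are placed in the SQL text.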