
SQL injection vs insert and update data

Posted: Thu 14 Jun 2018 15:11
by DmitriNL
Hi,

I was wondering how to handle SQL injection using UniDac components. Is there a standard method for the protection of inserting and updating data? Or do I need to filter all fields by myself? I found out that by using parameters my application is partially protected from SQL injections.

Thank you in advance for your support.

Re: SQL injection vs insert and update data

Posted: Tue 19 Jun 2018 07:57
by ViktorV
If you want to protect against SQL injection at the protocol level, you can use secure connections to the server. You can get information about using a secure connection in our help: https://devart.com/mydac/docs/?secureco ... ctions.htm
When working with SQL Server and Oracle in the protocol, there are built-in tools for protecting the protocol from SQL injection. If you have any questions after reading our answer - please contact us and we will try to give you a detailed answer shortly.
If you want to protect yourself against SQL injection at the level of your application, to get an answer to your question, please ask a corresponding question on the specialized forums.
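
The parameter approach mentioned in the question, applied to INSERT and UPDATE with TUniQuery, as an added example that is not part of either post. The table, column names and input values are constructed, and an in-memory SQLite database reached through UniDAC's SQLite provider is assumed (any other provider works the same way for the parameter calls).

```pascal
program ParamDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, Uni, SQLiteUniProvider;

// User-supplied values are bound as parameters; they are never
// concatenated into the SQL text, so quotes in them stay data.
procedure InsertCustomer(Q: TUniQuery; const AName, ANote: string);
begin
  Q.SQL.Text := 'INSERT INTO customers (name, note) VALUES (:name, :note)';
  Q.ParamByName('name').AsString := AName;
  Q.ParamByName('note').AsString := ANote;
  Q.Execute;
end;

procedure UpdateNote(Q: TUniQuery; AId: Integer; const ANote: string);
begin
  Q.SQL.Text := 'UPDATE customers SET note = :note WHERE id = :id';
  Q.ParamByName('note').AsString := ANote;
  Q.ParamByName('id').AsInteger := AId;  // typed binding, not text
  Q.Execute;
end;

var
  Conn: TUniConnection;
  Q: TUniQuery;
begin
  Conn := TUniConnection.Create(nil);
  Q := TUniQuery.Create(nil);
  try
    Conn.ProviderName := 'SQLite';   // assumption: SQLite provider installed
    Conn.Database := ':memory:';
    Conn.Connect;
    Q.Connection := Conn;
    Q.SQL.Text := 'CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, note TEXT)';
    Q.Execute;
    // Constructed input containing a quote and SQL-looking text.
    InsertCustomer(Q, 'x''); DROP TABLE customers; --', 'constructed input');
    UpdateNote(Q, 1, 'it''s fine');
    // The table still exists and the name was stored verbatim.
    Q.SQL.Text := 'SELECT name, note FROM customers WHERE id = :id';
    Q.ParamByName('id').AsInteger := 1;
    Q.Open;
    Writeln(Q.FieldByName('name').AsString, ' | ', Q.FieldByName('note').AsString);
  finally
    Q.Free;
    Conn.Free;
  end;
end.
```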