Preventing SQL Injection?
Oct 25, 2010
I have this code
UPDATE OPENQUERY (db,'SELECT * FROM table WHERE ref = ''"+ Ref +"'' AND bookno = ''"+ Session("number") +"'' ')
How would I prevent SQL Injections on this?
[code].....
I have a web service running that reliably returns a dataset and allows me to provide a list, now a drop-down list box, of records returned. I would like to capture the user's selection from the DDL and call another web service to return detailed information regarding the selection. Hence a WHERE stmt in the query of the web service. I am of course worried about SQL injection. But I would like to at least get the SQL stmt working. The selection is a string field type, and looks like this,
[code]
Everything works for other web services if I remove the query with the WHERE clause.
I would like to know if removing the following special characters would be enough to protect my program against SQL Injection:
"'/*$%()!#^&
I know it is possible with C#, C++, VB 6 but I'm not sure about VB.net 2008. I have looked around to see if it is possible but have not found a way. There isn't a specific reason I need to know, just curious... So, is it possible with vb.net, and if so, how? CreateRemoteThread?
I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in order to point out how bad it is, I need to prove that it's susceptible to SQL injection.
Question What "Key" parameter could break the PrepareString function and allow me to execute a DROP statement?
[Code]...
I've found some tutorials on this already, but they aren't exactly what I'm looking for, I can use the following for username fields and password fields
[Code]...
So I need to run this with parametrized queries rather than how I'm doing it now?
Is there a way to detect if the text in a textbox contains code for SQL Injection?
I have re-written my code. I would now like to check if my code is still open to SQL Injections after this work. I believe the code is now working as it should, but any blinding errors that you see I'd love to hear about too. My code is now looking like: -code removed-
I know I must use Stored Procedures as much as possible, but I would like to know the following.
A: Can I get a SQL Injection attack from a SELECT statement such as (Select * from MyTable)?
B: Also, can I get a SQL Injection attack when I use the SQLDataSource in ASP.NET?
I will post a sequence of examples and thoughts about sql injection. I wish the experts would correct any small mistake in what I will say so I can know exactly the possible danger.
What is required is to create a function in vb.net that accepts 2 parameters (table_name, fields_list) and returns the result in a datatable.
Now, I am aware that table_name and fields_list cannot be passed as parameters to the command object using .AddParameter.
Here are a couple of thoughts; what I would like to know is
1- Which function is exposed to sql injection
2- Which function is more safe
Public Class Form14
Dim conn as New SqlClient.SqlConnection(connection_string)
Private Sub Button1_Click( ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
[code].....
I have a question... I recently came across a program called WPE Pro (Winsock Packet Editor Pro). Basically what it does is let you sniff, edit and send packets intercepted from a process. That's the key word here: PROCESS. From what I can tell WPE uses DLL injection to sniff and inject packets directly into an active socket connection on the target process. What I want to know is how would I go about achieving this? If it isn't possible with the .NET language, is it possible to go to C++ or something?
My question is how best to avoid SQL Injection with the method I am currently using.
EDIT (Reasoning): There are many columns in a number of tables (a number which grows (only) and is maintained elsewhere). I need a method of allowing the user to decide which (predefined) column they want to query (and if necessary apply string functions to). The query itself is far too complex for the user to write themselves, nor do they have access to the db. There are 1000's of users with varying requirements and I need to remain as flexible as possible - I shouldn't have to revisit the code unless the main query needs to change - Also, there is no way of knowing what conditions the user will need to use
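One way to build the table_name/fields_list function from the earlier post, and the user-chosen-column query from the post above, without splicing caller-supplied identifiers into SQL. This is an added example, not code from any of the posts; it uses Python's sqlite3 on a constructed in-memory schema (the customers/secrets tables, ALLOWED_TABLES and ALLOWED_FUNCS are assumptions). Identifiers are validated against a whitelist and the live schema and then quoted, while comparison values stay bound parameters; a placeholder can never stand for a table or column name, which is why the post's observation about .AddParameter is correct.

```python
import re
import sqlite3

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Assumption: the only tables a caller may query, whatever string they pass.
ALLOWED_TABLES = {"customers"}

# Assumption: string functions the user may pick by key. The SQL on the right
# is fixed in code; the user's choice is only ever a dictionary key.
ALLOWED_FUNCS = {
    "raw": "{col}",
    "upper": "UPPER({col})",
    "len": "LENGTH({col})",
}


def make_db():
    """Constructed sample data; not the posts' schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, email TEXT);
        CREATE TABLE secrets (id INTEGER, token TEXT);
        INSERT INTO customers VALUES (1, 'Alice', 'alice@example.org'),
                                     (2, 'Bob', 'bob@example.org');
        INSERT INTO secrets VALUES (1, 'do-not-leak');
    """)
    return conn


def quote_ident(name):
    """Refuse anything that is not a plain identifier, then double-quote it,
    doubling embedded quotes (the same rule QUOTENAME applies on SQL Server)."""
    if not IDENT.match(name):
        raise ValueError("invalid identifier: %r" % name)
    return '"' + name.replace('"', '""') + '"'


def columns_of(conn, table):
    """Column names read from the schema itself, so columns added later are
    picked up without touching this code. The table name is a bound parameter."""
    rows = conn.execute("SELECT name FROM pragma_table_info(?)", (table,))
    return {row[0] for row in rows}


def select_fields(conn, table_name, fields_list):
    """The function the post asks for. Table and field names cannot be bound
    with placeholders, so they are checked against the whitelist and the schema
    and then quoted; nothing the caller typed reaches the SQL text unchecked."""
    if table_name not in ALLOWED_TABLES:
        raise ValueError("table not allowed: %r" % table_name)
    known = columns_of(conn, table_name)
    fields = [f.strip() for f in fields_list.split(",")]
    unknown = [f for f in fields if f not in known]
    if unknown:
        raise ValueError("unknown columns: %r" % unknown)
    sql = "SELECT %s FROM %s" % (", ".join(quote_ident(f) for f in fields),
                                 quote_ident(table_name))
    return conn.execute(sql).fetchall()


def search(conn, table_name, column, func, value):
    """User picks a predefined column and function; the value compared against
    is still a bound parameter, so it can contain anything."""
    if table_name not in ALLOWED_TABLES or column not in columns_of(conn, table_name):
        raise ValueError("column not allowed: %r.%r" % (table_name, column))
    if func not in ALLOWED_FUNCS:
        raise ValueError("function not allowed: %r" % func)
    expr = ALLOWED_FUNCS[func].format(col=quote_ident(column))
    sql = "SELECT id FROM %s WHERE %s = ?" % (quote_ident(table_name), expr)
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    print(select_fields(db, "customers", "id, name"))
    print(search(db, "customers", "name", "upper", "ALICE"))
    for bad in ("secrets", "customers; DROP TABLE secrets"):
        try:
            select_fields(db, bad, "id")
        except ValueError as exc:
            print("rejected:", exc)
```

The whitelist of tables and functions is the part that must live in code; the column list is the part that can come from the schema, which is what keeps the second post's ever-growing set of columns from forcing code changes.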
I have a relatively small app that I'm building using vb.net 2.0, and nant. It's an app that calls out to an external exe to produce some output files, then processes those output files afterwards. I have built an interface to the exe, for which I have created a stub implementation and the real implementation. What I would like to be able to do is use nant to either create a DEBUG build of the app, which calls the stub implementation, or create a PROD build of the app which will use the correct implementation.
I'm developing a VS2008 ASP.NET VB.NET application that uses a SQL Server Express database. ALL database access is via parametrized stored procedures, where I pass the data for each field to the stored procedure as a parameter.
I know that hooks are programmed with C++.
I would like to know some stuff here:
1) When a DLL is injected, how can you activate a function?
2) What exactly is a class in a DLL?
3) Can you design a class?
I have the following sub in a windows form:
Private Sub BTNC_storeclientdata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BTNC_storeclientdata.Click
' Update Clientdata[code].....
This performs an update in the SQL Database via a stored procedure. When I add '; insert into codeinjection(test) values ('CodeInjected!'); select ' in the last textbox (TBC_phone.Text), the value 'CodeInjected!' is inserted into the table codeinjection as well. How can I avoid this?
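The stacked-statement payload quoted in the post above, and the character-stripping idea from the earlier post (removing "'/*$%()!#^&), tried against concatenated SQL and against the same query with bound parameters. This is an added example, not code from any of the posts: it uses Python's sqlite3 on a constructed in-memory schema (the bookings and codeinjection tables and their columns are assumptions), because the posts' SQL Server tables and stored procedure are not shown. executescript() stands in for a driver that executes a batch of several statements, which is what SqlClient does and what the payload relies on; sqlite3's execute() would refuse the batch.

```python
import sqlite3

# Characters the earlier post proposes to strip before building the query.
BLACKLIST = set('"\'/*$%()!#^&')

# The payload quoted in the post, typed into the last field of the form.
STACKED_PAYLOAD = "'; insert into codeinjection(test) values ('CodeInjected!'); select '"

# Contains none of the blacklisted characters, so stripping leaves it intact;
# it only needs the value to land in an unquoted numeric comparison.
NUMERIC_PAYLOAD = "0 OR 1=1"


def strip_blacklist(value):
    """The defence proposed in the post: drop every blacklisted character."""
    return "".join(ch for ch in value if ch not in BLACKLIST)


def make_db():
    """Constructed sample data (assumed schema, not the posts')."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE bookings (bookno INTEGER, ref TEXT);
        CREATE TABLE codeinjection (test TEXT);
        INSERT INTO bookings VALUES (100, 'A1'), (200, 'B2'), (300, 'C3');
    """)
    return conn


def refs_by_bookno_stripped(conn, bookno):
    """Numeric WHERE clause built by concatenation after blacklist stripping."""
    sql = "SELECT ref FROM bookings WHERE bookno = " + strip_blacklist(bookno)
    return [row[0] for row in conn.execute(sql)]


def refs_by_bookno_param(conn, bookno):
    """Same lookup with a bound parameter; the text is compared, never parsed."""
    return [row[0] for row in conn.execute(
        "SELECT ref FROM bookings WHERE bookno = ?", (bookno,))]


def lookup_concat(conn, ref, bookno):
    """The WHERE ref = '..' AND bookno = '..' shape from the first post, spliced
    as text. Returns the SQL that actually reached the database; the injected
    INSERT is visible afterwards through injected_rows()."""
    sql = ("SELECT ref FROM bookings WHERE ref = '" + ref
           + "' AND bookno = '" + bookno + "'")
    conn.executescript(sql)   # batch execution, as a SqlClient command would do
    return sql


def lookup_param(conn, ref, bookno):
    """Same query with both values bound: the payload is just a string that
    matches no booking number, and no second statement exists to run."""
    sql = "SELECT ref FROM bookings WHERE ref = ? AND bookno = ?"
    return [row[0] for row in conn.execute(sql, (ref, bookno))]


def injected_rows(conn):
    """Rows an attacker managed to write through a stacked statement."""
    return [row[0] for row in conn.execute("SELECT test FROM codeinjection")]


if __name__ == "__main__":
    db = make_db()
    print(refs_by_bookno_stripped(db, NUMERIC_PAYLOAD))   # every booking
    print(refs_by_bookno_param(db, NUMERIC_PAYLOAD))      # []
    print(lookup_concat(db, "A1", STACKED_PAYLOAD))
    print(injected_rows(db))                              # ['CodeInjected!']
    print(lookup_param(db, "A1", STACKED_PAYLOAD))        # []
    print(injected_rows(db))                              # unchanged
```

Two points the posts raise are visible here: a character blacklist does nothing for a value that lands in a numeric context, and a stored procedure is only a protection if the call to it is itself parameterized; if the VB code builds the EXEC string by concatenation, the procedure runs whatever the attacker appended.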
Is there a way to prevent the VB .NET editor from saving the project whenever IT LIKES TO? It's very annoying; it's so stupid that it saves things that I don't want it to and that I didn't ask it to do. If I add a form and then close the editor, when I open the project again, that form is still there though I DIDN'T save it! If I change a declaration from Friend to Public and close the editor without saving, then when I open the project again, my modified code remains modified, though I DID NOT save it! Today I realized that if I delete some controls of a form and then close the Editor, then when I reopen it, the controls are missing for good! It saved that modification by itself!
I've completed an assignment that requires me to search through two listboxes for a particular number. If the number is found, the text on a label changes to a dollar amount, otherwise a message box is displayed letting the user know that the requested number cannot be found. It works well enough, searches through the listboxes, finds the number, and displays the message box when it can't be found. However, the message box shows repeatedly up to five times. After the user clicks "OK" on the fifth appearance, the program crashes and displays the following message: "Invalid Argument = Value of '5' is not valid for 'index'. Parameter name: index." I don't know what's causing this, or how to fix it. I do use the index as a counter at a portion of the program... but I'm not sure where I went wrong with it.
[code]
Also there are five items in the second listbox... probably has something to do with it.
I designed an application in vb.net 2005 while using the Administrator account on Vista. After compiling the application it starts requesting elevation during startup. I would like to prevent this, because the customer is complaining.
I have developed a small project in vb.net and also created a setup for it with a license key, but when I install the project in the C drive it can run on another machine by simply copying it. How do I prevent this piracy?
I have two forms. When one form is opened it should not be minimized when the mouse is clicked outside the form, like the message box in vb.net.
I have 2 forms, Form1 and Form2. When the user calls for a new record to be created, Form2 shows modally, centered in Form1. I have disabled the control box and need to stop the form from being moved by the mouse. I do not see (Movable) in the properties list.
I have a program, I have published it, and I have been actually using it on my PC. Whenever it encounters an error, the JIT debugger comes out. How do I prevent it from popping up using try...catch blocks, or are there any other ways or code on how to do this?
<VB.NET 2008> I created an MDI frame and I try to open a Winform by clicking a menu. I do not want to allow opening the same winform which is already opened by the user. How do I check whether the winform is already opened or not?
I am trying to prevent the user from activating a Print command for the content displayed in a WebBrowser. If the user hits Ctrl P, the print dialog appears. I would think I have to trap this, but am not sure how to do this. There is no KeyPress event in the browser, and using the KeyPress event on the Form does not appear to trigger when text is typed into the browser.
The original post provoked more responses than I anticipated. Therefore I have tried to draw them together with this post. There appear to be several schools of thought on this issue. One holds that I should not release time-bombed software because it is illegal.
Suppose I include code that often randomly checks if the user is registered and then puts up a message and shuts down the program if a check fails - rather like an improved nag screen. Would this be regarded as illegal? One holds that I should not worry about it because the pirates wouldn't buy my software anyway.
Maybe, but there's no fun in that. One holds that it is a waste of time because it is impossible to protect 100%. Maybe, but once again no fun. My view was that an honest user buying from my site would get a genuine copy. If a dishonest user got a harmful copy and lost the lot then I couldn't care less. Reed Kimble pointed out the existence of "fake sellers" who could cause harm by selling honest users a dishonest copy. This is a problem that I had not thought of and it poses a dilemma.
If I do include protection, then how do I distinguish between an honest user and a dishonest one? They will both be caught by the protection. Should I not include any protection at all so that the honest user doesn't lose out, and just accept that the dishonest one gets away with it? Or nail the pirate and accept the honest loser as collateral damage?
[code]....
What's the best way to prevent javascript injections in a VB.NET Web Application? Is there some way of disabling javascript on the pageload event?Recently, part of the security plan for our vb.net product was to simply disable buttons on the page that weren't available to the specific user. However, I informed the guy who thought of the idea that typing
javascript:alert(document.getElementById("Button1").disabled="")
in the address bar would re-enable the button.
Update: Aside from validating user input, how can I protect the website from being toyed with from the address bar?
Does anyone have any experience in writing VB.Net apps that control Internet usage? I have a friend that needs to have her office computers monitored in order to prevent the users from playing on the internet. I'm not sure what the best approach to this issue is.
I'm using the HTMLAgilityPack to parse HTML pages. However at some point I try to parse wrong data (in this specific case an image), which of course fails for obvious reasons. Code:
How do I check whether the content is 'parse-able' before trying to parse it, to prevent the error? For now it is an image which makes an error popup; however I think it might be just anything which isn't (x)html.
This code is driving me nuts. I have no idea what I could be missing that is preventing a record from being added to the Database. Here is what I have
[Code]...