Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...


I am using SQL Server 2005, I have some select and update
statements in my query with WHERE clause

I want to prevent these queries from SQL injection attacks.
What are the steps and precautions to be taken for SQL
Injection attacks?
Does anybody have suggestions?


Thanks in advance,

Answers were Sorted based on User's Feedback



I am using SQL Server 2005, I have some select and update statements in my query with WHERE clause..

Answer / satish

Use Trigger to check the values cuming .. :)

Is This Answer Correct ?    4 Yes 0 No

I am using SQL Server 2005, I have some select and update statements in my query with WHERE clause..

Answer / murtaza

use DML triggers which helps u to prevent any modifications.

Is This Answer Correct ?    2 Yes 1 No

Post New Answer

More SQL Server Interview Questions

How many types of functions are there in sql server?

0 Answers  


List some major differences between triggers and stored procedures?

0 Answers  


What structure can you implement for the database to speed up table reads?

0 Answers  


How would we use distinct statement? What is its use?

0 Answers  


How many types of cursors are there in SQL Server?

5 Answers   247Customer, CarrizalSoft Technologies,


Can we insert data into a view?

0 Answers  


How do I find the port number for sql server?

0 Answers  


hi to all teachers,... Friends who write in the query mode Full text Search in Sql Server have experience Who make(Convert) this Stored Procedure as a normal Full text Search, which contains and .. Is used, into Advance of the tips I have thanked all friends perfection. Email : rezaafandi@yahoo.com Create PROCEDURE Sp_student @fname varchar(50), @lname varchar(50), @tel varchar(50), @code varchar(50), @adr varchar(50), @search_operation varchar(50), @totalRowCount bigint output AS begin if @search_operation = 'and' begin SELECT f3,f4,f5,f6,f7 FROM tb_student WHERE( f5 like '%' + @fname + '%' and f4 like '%' + @lname + '%' and f6 like '%' + @tel + '%' and f7 like '%' + @code + '%' and f3 like '%' + @adr +'%' ) select @totalRowCount = @@rowcount end

0 Answers  


What is the difference between delete and truncate statements?

0 Answers  


How do you maintain database integrity where deletions from one table will automatically cause deletions in another table?

0 Answers  


What is the difference between Clustered and Non-Clustered Index?

0 Answers  


Create and insert into temp table in sql server?

0 Answers  


Categories