Monday, October 1, 2018

five things to unicode encode to prevent SQL injection attacks in web forms applications

HP Fortify itself suggests you can beat most SQL injection attacks in URL query-string variables in web forms applications by cleaning the incoming strings like so:

string clean = dirty.Replace("&", "&amp;").Replace("\"", "&quot;").Replace(">",
      "&gt;").Replace("<", "&lt;").Replace("'", "&apos;");
