ASP.NET WebFormshttps://www.dotnetzone.gr:443/cs/forums/13/ShowForum.aspxΘέματα για web εφαρμογές, σε ASP.NET WebFormselCommunityServer 2.1 SP3 (Build: 20423.1)Απ: βοήθεια για sql injectionshttps://www.dotnetzone.gr:443/cs/forums/thread/53746.aspxWed, 16 Sep 2009 04:41:20 GMT2622095e-976c-431a-859e-16783ec7ecd7:53746nikolaosk0https://www.dotnetzone.gr:443/cs/forums/thread/53746.aspxhttps://www.dotnetzone.gr:443/cs/forums/commentrss.aspx?SectionID=13&PostID=53746<br>γενικά πριν εκτελέσεις SQL statements προσθέτεις παραμέτρους στο Command object, έτσι ώστε το sql statement να "ξέρει" ποιες τιμές θέλεις για παραμέτρους<br>Απ: βοήθεια για sql injectionshttps://www.dotnetzone.gr:443/cs/forums/thread/53736.aspxTue, 15 Sep 2009 18:32:51 GMT2622095e-976c-431a-859e-16783ec7ecd7:53736Dimitris Papadimitriou0https://www.dotnetzone.gr:443/cs/forums/thread/53736.aspxhttps://www.dotnetzone.gr:443/cs/forums/commentrss.aspx?SectionID=13&PostID=53736<P>Από sql injection πάντως είναι ok.</P>βοήθεια για sql injectionshttps://www.dotnetzone.gr:443/cs/forums/thread/53054.aspxThu, 13 Aug 2009 18:31:45 GMT2622095e-976c-431a-859e-16783ec7ecd7:53054xakou0https://www.dotnetzone.gr:443/cs/forums/thread/53054.aspxhttps://www.dotnetzone.gr:443/cs/forums/commentrss.aspx?SectionID=13&PostID=53054<P>Παρακάτω γράφω κάποιες γραμμές από τον κώδικα μου ώστε να δείτε πόσο ασφαλής είμαι σε sql injections (και όχι μόνο...)</P><FONT size=2> <P><STRONG><U><FONT color=#ff0000 size=4>Καταχώρηση</FONT></U></STRONG></P><FONT size=2> <P></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>TextBox</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ID</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="name"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>runat</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="server"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>EnableViewState</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="False"&gt;&lt;/</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>TextBox</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</P></FONT></FONT> <P><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>RegularExpressionValidator</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ID</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="RegularExpressionValidator14"</FONT></FONT><FONT size=2> </P> <P></FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>runat</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="server"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ControlToValidate</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="name"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>Display</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="Dynamic"</FONT></FONT><FONT size=2> </P> <P></FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ErrorMessage</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>=" "</FONT></FONT><FONT size=2> </P> <P></FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ValidationExpression</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="([^&amp;lt;&amp;gt;']|[\r\n]){1,50}"&gt;</FONT></FONT><FONT size=2> </FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;/</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>RegularExpressionValidator</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</FONT></FONT></P> <P><FONT color=#0000ff size=2><FONT color=#0000ff size=2></FONT></FONT>&nbsp;</P><FONT color=#0000ff size=2><FONT color=#0000ff size=2><FONT color=#0000ff size=2><FONT color=#0000ff size=2> <P>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>DropDownList</FONT></FONT><FONT color=#000000 size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ID</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="sex"</FONT></FONT><FONT color=#000000 size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>runat</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="server"</FONT></FONT><FONT color=#000000 size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>Width</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="160px"&gt;</P></FONT></FONT><FONT size=2> <P></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>ListItem</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;male</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;/</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>ListItem</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</P></FONT></FONT><FONT size=2> <P></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>ListItem</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</FONT></FONT><FONT size=2>female</FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;/</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>ListItem</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</P></FONT></FONT><FONT size=2> <P></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;/</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>DropDownList</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&gt;</FONT></FONT></P> <P><FONT color=#0000ff size=2><FONT color=#0000ff size=2></FONT></FONT>&nbsp;</P><FONT color=#0000ff size=2><FONT color=#0000ff size=2><FONT size=2> <P></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&lt;</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>asp</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>:</FONT></FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>CheckBox</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>ID</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="mobile"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>runat</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="server"</FONT></FONT><FONT size=2> </FONT><FONT color=#ff0000 size=2><FONT color=#ff0000 size=2>Text</FONT></FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>="mobile"</FONT></FONT><FONT size=2> </FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>/&gt;</FONT></FONT></P> <P><FONT color=#0000ff size=2><FONT color=#0000ff size=2>&nbsp;</P></FONT></FONT></FONT></FONT></FONT></FONT> <P><STRONG><U>code behide</U></STRONG></P> <P>DBCmd = </FONT><FONT color=#0000ff size=2><FONT color=#0000ff size=2>New</FONT></FONT><FONT size=2> SqlCommand(</FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>"INSERT INTO&nbsp;PINAKAS (name, sex, mobile) VALUES (@name, @sex, @mobile)"</FONT></FONT><FONT size=2>, DBConn)</FONT></P><FONT size=2><FONT size=2> <P>DBCmd.Parameters.Add(</FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>"@name"</FONT></FONT><FONT size=2>, SqlDbType.NVarChar).Value = <FONT color=#a31515>name</FONT>.Text</P></FONT></FONT> <P><FONT size=2>DBCmd.Parameters.Add(</FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>"@sex"</FONT></FONT><FONT size=2>, SqlDbType.NVarChar).Value = <FONT color=#a31515>sex</FONT>.SelectedItem.Text</FONT></P><FONT size=2> <P>DBCmd.Parameters.Add(</FONT><FONT color=#a31515 size=2><FONT color=#a31515 size=2>"@mobile"</FONT></FONT><FONT size=2>, SqlDbType.Bit).Value = <FONT color=#a31515>mobile</FONT>.Checked</FONT></P><FONT size=2> <P>DBCmd.ExecuteNonQuery()</P></FONT> <P>&nbsp;</P> <P><FONT size=2>&nbsp;</P></FONT> <P><FONT size=2>&nbsp;</P></FONT>