How to mitigate SQL injection effect?

Question

I am trying to reduce the vulnerabilities of my web application so that my web application will safe from SQL injection. So, can i use triggers to reduce some of the SQL injection attacks?

possible duplicate of [Avoiding SQL injection without parameters](http://stackoverflow.com/questions/910465/avoiding-sql-injection-without-parameters) — Namphibian, Sep 28 '15 at 04:55
possible duplicate of [What is the best way to avoid SQL injection attacks?](http://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks) — Hong Duan, Sep 28 '15 at 05:06

score 1 · Accepted Answer · answered Sep 28 '15 at 05:07

One thing to remember when dealing with databases of any type, always avoid hardcoding your sql expressions in your source code. Most of the languages nowadays have their own versions of ORM.

Please take do advantage of using these tools as these are tested ones and so to avoid being injected an unwanted sql query.

For example, .Net has Entity Framework. PHP has also their version of ORM, java has too.

Cheers

score 0 · Answer 2 · answered Sep 28 '15 at 04:56

0

Sanitizing user input and using prepared statements would be a start.

answered Sep 28 '15 at 04:56

Ronald Fernandes

181
2
14

rawat sapna · Answer 3 · 2019-04-07T11:24:52.143

0

To avoid SQL injection attack , apply the below methods.

User input validation in all field,
Regular expression
Paramatrized query(prepared statement)---- model( logical part)
Stored procedure--- database,(controller)

5.Escape character filtering 6.Set the limit in all input field 7.Input sanitization method

edited Apr 07 '19 at 11:24

answered Apr 03 '19 at 18:22

rawat sapna

146
5

How to mitigate SQL injection effect?

3 Answers3