user3204111
Reputation: 11
prevent the sql injection through url
Does validating the URL against special characters prevent sql injections? Somehing like this:
validateRequest(req.getUri());
In which I validate for special characters.
Upvotes: 0
Views: 856
Answers (1)
Habib
Reputation: 223282
As long as you are using parametrized queries against databases you would be saved from SQL Injection. So instead of validating characters in URL, you should send data to the database server through command parameters.
Upvotes: 5
Related Questions
- How to mitigate SQL injection effect?
- Ways to prevent SQL Injection Attack & XSS in Java Web Application
- HttpUtility.UrlEncode to prevent SQL inject
- How can I prevent SQL-injection in Java / JSP on the client side?
- Preventing SQL injection - but without parameters
- Prevent SQL Injections
- how to prevent an SQL Injection Attack?
- how to prevent SQL Injection in a asp.net website
- Avoiding SQL Injection