共用方式為


SQL injection is teh suck . . .

So do something about it: https://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

We give you 3 different ways to combat SQL injection on our platform above including an update to one of my all time favorite tools - URLScan!
Here's a blog post from a senior IIS dev-dude (Wade Hilmo) on the new URLScan and some of the new features: https://blogs.iis.net/wadeh/archive/2008/06/24/urlscan-v3-0-beta-release.aspx

Comments

  • Anonymous
    January 01, 2003
    You know I never understood why people don't just use Parameterized Queries in .net. For everything from Dynamic SQL to Stored Procs. You set the correct datatype and everything gets handled by the framework for you. .net is a beautiful thing when used correctly.