
Security for Microsoft® Visual Basic® .NET by Michael James Bond, Ed Robinson


SQL-Injection Attacks

SQL stands for Structured Query Language and is a specialized language for processing data contained in a relational database. SQL is a language just as Visual Basic .NET is a language—with its own unique syntax and capabilities. You reap the unique benefits of both languages by invoking SQL commands from your Visual Basic .NET application. A common way you might use SQL in your Visual Basic .NET application is to embed SQL commands in a string and then call through a database object such as an ADO.NET command object to execute the command. Your application becomes vulnerable to attack when you use unchecked user input as part of the SQL string you are constructing. Take for instance the following SQL statement:

Dim sql As ...
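The following is an added example, not code from the book; it uses Python's built-in sqlite3 module in place of ADO.NET so that it runs offline, but the two pieces of logic map directly onto the VB.NET pattern the paragraph describes: one function builds the SQL string by concatenating user input (the vulnerable approach), the other passes the input as parameters, which is what an ADO.NET command's Parameters collection does with @name placeholders. The table, users and inputs are constructed for the demonstration.

```python
import sqlite3


def build_db():
    """Create an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw")],
    )
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable: unchecked user input becomes part of the SQL text.

    Mirrors the VB.NET habit of building sql = "SELECT ... '" & name & "'".
    Any quote in the input changes the structure of the statement.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Safe: the SQL text is fixed; the values travel as parameters.

    The database engine treats each parameter purely as data, so quotes
    or keywords in the input can never alter the query's meaning.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Return results for a normal login, a crafted password, and a name with an apostrophe."""
    conn = build_db()
    results = {}

    # 1. Ordinary credentials: both approaches return the single matching user.
    results["normal_concat"] = login_concatenated(conn, "alice", "s3cret")
    results["normal_param"] = login_parameterized(conn, "alice", "s3cret")

    # 2. Constructed malicious password: the concatenated string becomes
    #    ... AND password = '' OR '1'='1', which matches every row.
    crafted = "' OR '1'='1"
    results["crafted_concat"] = login_concatenated(conn, "alice", crafted)
    # The parameterized query compares against the literal text and finds nothing.
    results["crafted_param"] = login_parameterized(conn, "alice", crafted)

    # 3. Legitimate data containing an apostrophe: concatenation produces a
    #    syntax error (a functional bug, not only a security one), while
    #    parameters handle it without any escaping on our part.
    try:
        login_concatenated(conn, "o'brien", "pw")
        results["apostrophe_concat_error"] = False
    except sqlite3.OperationalError:
        results["apostrophe_concat_error"] = True
    results["apostrophe_param"] = login_parameterized(conn, "o'brien", "pw")

    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The third case is worth noting when reviewing code: string concatenation fails on perfectly valid input such as a surname with an apostrophe, so parameterized commands fix a correctness bug at the same time as they close the injection path. In ADO.NET the equivalent is to keep the command text constant and add each value through the command's Parameters collection rather than building the string.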
