Blazor Server Project #9: How to Avoid SQL Injection Attacks
Dynamic SQL queries are vulnerable to SQL injection. One way to prevent attacks is to implement input validation using character encoding.
Table of Contents
· Introduction
· SQL Injection Attacks
∘ Viewing data more than it should
∘ Viewing the list of database objects
∘ Inserting commands
∘ Inserting comment separator
· Avoiding SQL Injection Attacks
· Implementing Avoidance of SQLi Attacks
· Summary
· References
This article is the ninth in a series covering the Blazor Server Project:
(1) How to create a CRUD operation using Dapper
(2) Building a dropdown list involves a 1:N relationship
(3) How to implement a checkbox list involving an M:N relationship
(4) Understanding URL routing and navigation
(5) Creating and using page layout
(6) How to create a reusable modal dialog component
(7) Practical guide to making a master-detail page
(8) Master-detail page using dynamic query
(9) How to avoid SQL injection attacks
(10) Hiding/showing HTML elements
(11)…