TNWiki Article Spotlight – Protect Your Data: Prevent SQL Injection

Hi everyone, and welcome to our TNWiki Article Spotlight on Tuesday. Hope you had a good holiday time.
For our Spotlight today I've selected an article from Vincent Maverick Durano, published last month, on a well-known topic that is never stressed enough: SQL Injection, and how to prevent it.

In fact, while nowadays we have every kind of technology to stop bad things from happening to our databases, it's still pretty common to find absolutely vulnerable snippets of code here and there. If that's fine (or at least unimportant) in test environments, the sad side of the story is that pretty often those snippets make their way into production, where they cause catastrophic behaviour.

And that's where Vincent's article kicks in!

In his Protect Your Data: Prevent SQL Injection, Vincent guides us into understanding what SQL Injection is, showing us some scenarios in which it could take place and highlighting the main poor practice that we can find. In the second part of the article, the author shows us how to implement efficient protection, using bare code (parameterized queries), SQL Server stored procedures, and/or an ORM (Object-Relational Mapping).
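To make the contrast concrete, here is a small added example (not code from Vincent's article): the same login check written first with string concatenation, the poor practice the article warns about, and then with a parameterized query. It uses Python's built-in sqlite3 module and a constructed in-memory table so it runs offline; the table, user names and passwords are all made up for the demonstration, and the same idea applies to SqlCommand parameters (`@name`) on SQL Server.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample database (not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The anti-pattern: user input is pasted straight into the SQL text,
    so a quote in the input changes the structure of the statement."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """The fix: placeholders keep the statement fixed and the driver passes
    the values separately, so input is only ever treated as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic textbook tautology, used here only to show the two behaviours differ.
INJECTED = "' OR '1'='1"


def demo():
    """Run both versions against valid credentials and against the tautology."""
    conn = make_db()
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, "alice", INJECTED),
        "parameterized_valid": login_parameterized(conn, "alice", "s3cret"),
        "parameterized_injected": login_parameterized(conn, "alice", INJECTED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable version accepts the bogus password because the quote terminates the literal and the `OR '1'='1'` clause matches every row; the parameterized version compares the whole string as a password value and correctly rejects it. Stored procedures and ORMs give the same protection only as long as they too bind parameters rather than concatenating dynamic SQL internally.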

(An image from the article)

The good use of links in the article makes it a very neat guide to the topic.
A very good read overall, on a subject of paramount importance that is still too underestimated.

Thank you Vincent for your contribution!
Hope you all liked it, and that it will be of use for your studies and work.

Have a great Tuesday!
Italian Wiki Ninja Emiliano
MSDN profile | MVP Profile | Twitter | LinkedIn