Jackson Pushpanathan's Blog

Things to consider to avoid SQL Injection: 1. Have a function which vets the inputs from your forms :  ex: "select", "drop", ";" , "--", "insert", "delete", "xp_"  2. Escape single quotes with two single quotes ex: d'souza should be d''souza. 3. Set  size for number of characters text box can accept. Thus limiting the amount of untoward values that can be input 4. Do not use sa account for application related queries. Create a separate account with limited privleges. ex: if you need user to only view reports, create user account which has only 'SELECT' permissions.

// Generics example.  // Build a collection which accepts only a specific class type.  // ex: collection below accepts only cPerson namespace LearnOOp {    public class cGenericPersoncol     {         public string BuildGenericPersons()          {             cPerson cPer = new cPerson();             cPer.Name = "J Push";    //Create a List collection of type cPerson             List cPerColl = new List ();             cPerColl.Add(cPer); //// uncomment this line to test the collection. this should throw an error if you try passing //// a cMachine type class to the List collection created earlier.             //cMachine cMac = new cMachine();             //cMac.MachineName = "Matsumito";             //cPerColl.Add(cMac);             return cPerColl[0].Name;         }     }    // Person class     public class cPerson     {         string myName;         public string Name {             get { return myName; }             set { myName = value; }         } // Machi