When you construct an application that accesses data, assume all user input is malicious until proven otherwise. Failure to do so can leave your application vulnerable to attack. One such attack is SQL injection, in which malicious code is added to strings that are passed to an instance of SQL Server to be parsed and run. To avoid this type of attack, use stored procedures with parameters where possible, and always validate user input.
Validating user input in client code is important so that you don't waste round trips to the server. It's equally important to validate parameters to stored procedures on the server. That way, input that bypasses client-side validation is still caught.
For more information about SQL injection and how to avoid it, see SQL injection. For more information about validating stored procedure parameters, see Stored procedures and related articles.
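The following sketch combines both recommendations above in JDBC client code: an allow-list check on the input, then a parameterized stored procedure call. It is an added example, not code from the original article; the procedure `dbo.GetOrdersByCustomer`, the column `OrderId`, and the five-letter customer ID format are assumptions made for illustration.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class ValidatedLookup {
    // Assumed format for this example: customer IDs are exactly 5 uppercase letters.
    private static final Pattern CUSTOMER_ID = Pattern.compile("[A-Z]{5}");

    /** Allow-list check: accept only the expected shape, reject everything else. */
    static boolean isValidCustomerId(String input) {
        return input != null && CUSTOMER_ID.matcher(input).matches();
    }

    /**
     * Calls the hypothetical stored procedure dbo.GetOrdersByCustomer(@CustomerId).
     * The value is bound as a parameter, so it travels as data and is never
     * parsed as part of the SQL text.
     */
    static List<Integer> findOrderIds(Connection con, String customerId) throws SQLException {
        if (!isValidCustomerId(customerId)) {
            throw new IllegalArgumentException("customer ID has an unexpected format");
        }
        List<Integer> ids = new ArrayList<>();
        try (CallableStatement cs = con.prepareCall("{call dbo.GetOrdersByCustomer(?)}")) {
            cs.setString(1, customerId);
            try (ResultSet rs = cs.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getInt("OrderId")); // assumed column name
                }
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; this part runs without a database connection.
        String[] samples = { "ALFKI", "alfki", "ALFKI' OR '1'='1", "", null };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + (isValidCustomerId(s) ? "accepted" : "rejected"));
        }
    }
}
```

The client-side check only saves a round trip; the stored procedure should repeat the same format check on `@CustomerId`, because callers that skip this client code reach the server directly.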