I'm having a conceptual problem. I have this ASP.NET page to manage code snippets. Now I would like to add tags to a snippet before submitting it, something like you can do on Stack Overflow. I'm wondering how I should go about doing this?

I thought about a hidden textbox, which is filled in by jQuery when a user selects a value from a dropdown list, separated by ";", which could be read and separated server side. But this is vulnerable to tinkering, I guess?

Is there any proper way to do this?

1 Answer

I understand that your main concern is that your approach is vulnerable to SQL injection.

The approach you described is very common and frequently used, and by itself it does not cause any SQL injection vulnerability.

It all depends on how your server-side code is implemented. In case you write plain text SQL queries (like var sql = "insert into mytable values(" + param1 + ")") then you will have an SQL injection risk.

If you use SQL commands with parameters, Linq2SQL, Entity Framework or any approach that does not build SQL queries the way I mentioned above, you have nothing to fear.

Enjoy!
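
An added example, not part of the original answer: it uses Python's built-in sqlite3 in place of the ASP.NET and SQL Server stack to run the same tampered hidden-field value through a concatenated insert, a parameterized insert, and a parameterized insert with a server-side allow-list. The table, the tag list and the tampered value are constructed assumptions.

```python
import sqlite3

# Hypothetical tag list the dropdown offers (constructed for this example).
ALLOWED_TAGS = {"c#", "linq", "asp.net", "jquery"}
# Constructed sample: the hidden field after being edited in the browser.
TAMPERED = "linq;x'), (999, 'planted"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE snippet_tags (snippet_id INTEGER, tag TEXT)")
    return conn

def split_tags(hidden_value):
    """Split the ';'-separated hidden field exactly as the browser sent it."""
    return [t.strip() for t in hidden_value.split(";") if t.strip()]

def save_concatenated(conn, snippet_id, hidden_value):
    """The risky pattern from the answer: values pasted into the SQL text."""
    for tag in split_tags(hidden_value):
        conn.execute("INSERT INTO snippet_tags VALUES ("
                     + str(snippet_id) + ", '" + tag + "')")

def save_parameterized(conn, snippet_id, hidden_value, allowed=None):
    """Bound parameters: the tag travels as data and is never parsed as SQL.
    With an allow-list, values the dropdown never offered are dropped too."""
    tags = split_tags(hidden_value)
    if allowed is not None:
        tags = [t for t in tags if t.lower() in allowed]
    conn.executemany("INSERT INTO snippet_tags VALUES (?, ?)",
                     [(snippet_id, t) for t in tags])
    return tags

def rows(conn):
    return conn.execute(
        "SELECT snippet_id, tag FROM snippet_tags ORDER BY rowid").fetchall()

def demo():
    """Store TAMPERED for snippet 1 three ways and return what each wrote."""
    results = {}
    for name, save, allowed in (("concatenated", save_concatenated, None),
                                ("parameterized", save_parameterized, None),
                                ("allowlisted", save_parameterized, ALLOWED_TAGS)):
        conn = new_db()
        save(conn, 1, TAMPERED) if allowed is None else save(conn, 1, TAMPERED, allowed)
        results[name] = rows(conn)
    return results

if __name__ == "__main__":
    for name, stored in demo().items():
        print(name, stored)
```

The concatenated version writes a row for snippet 999, which the form never referenced; the parameterized version stores the odd text as a single tag, and the allow-list addresses the "tinkering" concern from the question by keeping only tags the server recognizes.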

2 Comments

Great, I'm using LINQ2SQL all the way in this project as it was the main goal, learning LINQ. I'm going to try and implement this today, but I'm already thinking about what to do when the user has JavaScript disabled. Worries for later! :) Thanks already!
For future visitors, here is a similar problem which could help you out: dotnet-developer.de/2008/07/aspnet2005/ajax/…
