Hello
I am building a page where users can edit data
I have followed a sample case (http://demos.telerik.com/aspnet-ajax/grid/examples/programming/commanditem/defaultcs.aspx)
and here is my sample page (http://gaia.agraria.unitus.it/prova3.aspx)
The problem arises in the second grid after the user selects a site: when you switch to edit mode, you can enter anything in the textbox.
In your sample, I tried to enter the string SELECT * FROM MyTable DELETE FROM MyTable or other attempts with dangerous words (such as delete or drop) and the input was blocked.
But inspecting your code there, I could not find anything about SQL injection prevention; that is, when I tried to replicate the test in my page, all data were dangerously inserted.
Is there a way to process data before the update operation in the database?
Thanks
Diego