请问asp.net防止SQL注入攻击

问题描述：

在默认情况下不会对ASP.net SQL注入攻击利用ASP控件时保护？

By default does ASP.net protect against SQL injection attacks when using ASP controls?

答

没有。只要你供应的SQL，这取决于你是聪明的你如何使用这些控件。

No. As long as you're supplying the SQL, it's up to you to be smart in how you use the controls.

这通常意味着输入消毒，并使用参数化查询或通过动态SQL字符串存储过程。

That usually means sanitizing input and using Parameterized Queries or Stored Procedures over dynamic SQL strings.

如果该控件生成您的查询（如成员控制等），那么你得到很好的保护。

If the control is generating the queries for you (like the Membership Controls, etc.) then you're well protected.