I had read more about SQL Injection, but I have not faced it. Recently, I am working on this project. This is not a new project. This project is half completed by other developer. Some day ago, when I have checked the live site, any page of this website is not working properly. So I have checked the Live website’s data. I have seen that all the records of this database is append by some html tags. So any page of this website can not opened.
First I have think somebody had credential of SQL database and he had run sql script to append all the records. So, I had changed the credential of SQL and repair all the data. But After two day I have faced this problem again. So I had start to investigate about this problem with team. First we are trying to find URL which can arise this problem. But how can we find the url because there is no any tracking functionality in the current system. So we had googled it, but we didn’t find any solution. Then one of my project manager (Haresh Patel) tell me that IIS is tracking all the URLs and IP Address. So we had checked the log file of IIS for this website. And we had found one url which contains binary code in url. In this URL query string contains binary code and this query string made SQL Injection. So, first we have block this IP Address and correct the code. Main problem in this system was old developer had used inline query in some places and he had not check query string parameter and append to inline query. Now I had recoded for protect system from this attack and I had used SPs at all the places Thanks to my project managers (Jagdish Patal and Haresh Patel) for solving this problem.