Project: Defending Against SQL Injection


Download the Grades Central for VS2012 or the Grades Central for VS2010, a website.  Develop defensive measures to protect the database from SQL injection.


  • Set #1
    • Use regex to identify the metacharacters that could cause SQL injection and reject the input.
    • Do not send error messages to the browser.
    • Avoid dynamic SQL with concatenated input.
  • Set #2
    • Use different login ids for SELECT, UPDATE or DELETE statements.
    • Use stored procedures.
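
The three Set #1 measures working together, as an added example that is not part of the Grades Central code. It uses Python with an in-memory SQLite database so it runs stand-alone; the table, column and function names and the sample rows are assumptions made for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("grades")

# Metacharacters to reject: quotes, semicolon, backslash, comment openers.
SQL_META = re.compile(r"['\";\\]|--|/\*")

def make_db():
    """Constructed sample data; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student TEXT, course TEXT, grade TEXT)")
    db.executemany("INSERT INTO grades VALUES (?, ?, ?)",
                   [("alice", "CS101", "A"), ("bob", "CS101", "C")])
    return db

def lookup_unsafe(db, student):
    """The pattern to avoid: input concatenated into the statement text."""
    sql = "SELECT student, grade FROM grades WHERE student = '" + student + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, student):
    """Returns (rows, message); message is all the browser would be shown."""
    # Measure 1: regex check, reject input containing metacharacters.
    if not student or len(student) > 64 or SQL_META.search(student):
        return [], "Invalid input."
    try:
        # Measure 3: bound parameter, so the value is never parsed as SQL.
        rows = db.execute(
            "SELECT student, grade FROM grades WHERE student = ?",
            (student,)).fetchall()
        return rows, "OK"
    except sqlite3.Error:
        # Measure 2: details go to the server log, not into the response.
        log.exception("grade lookup failed")
        return [], "The request could not be processed."

if __name__ == "__main__":
    db = make_db()
    name = "O'Brien"  # constructed input containing a quote
    try:
        lookup_unsafe(db, name)
    except sqlite3.OperationalError as exc:
        print("unsafe version raised:", exc)  # this text must not reach a browser
    print(lookup_safe(db, name))
    print(lookup_safe(db, "alice"))
```

The regex check is a second layer; the bound parameter is what keeps input out of the statement text even if a pattern is missed.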

Project Submission

  • Send the project to
  • Subject: Project 2 - first name and last name - VS2010 or VS2012


Set #1: 100%
Set #2: extra 30%