My ASP.NET Website is Attacked With SQL Injection
问题 Hacker reached my database User list and other tables. First of all, I use parameterized command in all of the transactions by using command.Parameters.Add("@Parameter1", SqlDbType.NVarChar).Value All transactions are stored procedures. I am inserting every single site navigation into database. Particular database table as follows; ID int (PK) UserID int (null) URL nvarchar(500) IPAddress nvarchar(25) CreatedAt datetime Project gets UserID information from the code is session opened or not.