I've been researching web application security and one of the vulnerabilities I've discovered in ASP.NET is the lack of an equivalent for PHP functions like mysql_real_escape_string() and addslashes() to sanitize user input when the web application is using MySQL as its database.
I would assume that ASP.NET web applications using MySQL aren't as secure as PHP web applications using MySQL. Do you know of any resources to address that security issue?
@rrobbins: So long as you use parameterized queries (if you must use dynamic SQL) in ASP.NET, you are safe from XSS. Those functions exist in PHP out of necessity; ASP.NET doesn't have them because they are not needed.
rrobbins: PHP requires those because MySQL doesn't support parameterized queries. Escaping inputs isn't as safe as using parameters.
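
The parameterized-query approach the replies above recommend, shown beside string concatenation. This is an added example, not code from the thread or from the add-in under discussion. It assumes MySQL Connector/NET (the `MySql.Data` NuGet package); the `users` table, its columns and the `UserLookup` class are hypothetical.

```csharp
using System;
using MySql.Data.MySqlClient; // MySQL Connector/NET (assumed dependency)

static class UserLookup // hypothetical helper class
{
    // Unsafe: the input becomes part of the SQL text, so a quote in it
    // ends the string literal early and the rest is parsed as SQL.
    public static string BuildConcatenated(string name) =>
        "SELECT id, email FROM users WHERE name = '" + name + "'";

    // Safe: the SQL text is fixed. The connector binds the value as a
    // typed parameter; application code never splices it into the text.
    public static MySqlCommand BuildParameterized(string name)
    {
        var cmd = new MySqlCommand("SELECT id, email FROM users WHERE name = @name");
        cmd.Parameters.Add("@name", MySqlDbType.VarChar, 64).Value = name;
        return cmd;
    }

    static void Main(string[] args)
    {
        string input = "O'Brien"; // constructed sample input containing a quote

        // The concatenated statement is now malformed: name = 'O'Brien'
        Console.WriteLine(BuildConcatenated(input));

        using (var cmd = BuildParameterized(input))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine("@name = " + cmd.Parameters["@name"].Value);

            // Optional: pass a connection string as the only argument to run it.
            if (args.Length == 1)
            {
                using (var conn = new MySqlConnection(args[0]))
                {
                    conn.Open();
                    cmd.Connection = conn;
                    using (var reader = cmd.ExecuteReader())
                        while (reader.Read())
                            Console.WriteLine(reader.GetInt32(0) + " " + reader.GetString(1));
                }
            }
        }
    }
}
```
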
Any chance this add-in can be made to work with VS2008? We've already moved our code base to 2008, but I'd still love to be able to run it through this app.
Sounds like a good idea. However, this add-in is completely broken. Clicking the button to start the analysis displays the error message "Licence missing or expired", and does nothing else.