SQL injection problem
I have an HttpHandler page which I use to do some stuff that includes using the DB. I need to be able to prevent people from getting access to this file and to make sure that the info's path is my website and not another web page which is using ProcessRequest to achieve this.
using System.Web;

public class TabsHandler : IHttpHandler
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // HttpContext.Current refers to the same request as 'context', so the two
        // authorities are always equal and this comparison never rejects a request.
        if (context.Request.Url.Authority.ToString() != HttpContext.Current.Request.Url.Authority.ToString())
            return;
        context.Response.ContentType = "text/plain";
        string str = context.Request.Form["recordsArray[]"]; // null when the field is absent
        if (str == null)
            return;
        char[] delimiters = new char[] { ',', ';' };
        string[] arr = str.Split(delimiters);
        for (int i = 0; i < arr.Length; i++)
        {
            Functions.Add(new tab(arr[i])); // insert records into table Tabs => int id, string name
        }
    }
}
If you want to prevent people from having access to some resource, normally you protect this resource with authentication: you give authorized users a username/password, allowing you to distinguish them from unauthorized users.
An HTTP request can be forged and made to look exactly as if it was coming from your domain, while actually it doesn't. So the only way is to use some secret.
You could also use something that handles SQL injection for you.
Linq to sql: http://weblogs.asp.net/scottgu/archive/2007/09/07/linq-to-sql-part-9-using-a-custom-linq-expression-with-the-lt-asp-linqdatasource-gt-control.aspx
or for something a bit simpler, you could just use SQL parameters (which is what Linq to SQL uses):
(a short guide): http://www.sharpdeveloper.net/content/archive/2007/05/25/creating-sqlparameters-best-practices.aspx or here http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
I know this isn't specifically a solution for you, but I hope that helps.
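The two suggestions above (a secret the handler checks, and SqlParameter instead of string concatenation) applied to the asker's handler, as an added example that is not the asker's or the answerer's code. It assumes a connection string named "TabsDb" in web.config, the Tabs(id, name) table mentioned in the question's comment, and that the page rendering the form stores a random token in Session["handlerToken"] and echoes it in a hidden field of the same name.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.SessionState;

// Added example, not the asker's or answerer's code. Assumes a connection string
// named "TabsDb" in web.config and the Tabs(id, name) table from the question.
public class TabsHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/plain";

        // The secret the answer refers to: the page that renders the form puts a
        // random token in Session["handlerToken"] (assumed) and echoes it in a hidden
        // field. A request forged from another site cannot know it, so this check
        // replaces the Url.Authority comparison from the question.
        string expected = context.Session["handlerToken"] as string;
        string supplied = context.Request.Form["handlerToken"];
        if (expected == null || !string.Equals(expected, supplied, StringComparison.Ordinal))
        {
            context.Response.StatusCode = 403;
            return;
        }

        string raw = context.Request.Form["recordsArray[]"];
        if (string.IsNullOrEmpty(raw)) return;   // the indexer returns null when absent
        string[] names = raw.Split(new[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries);

        string cs = ConfigurationManager.ConnectionStrings["TabsDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("INSERT INTO Tabs (name) VALUES (@name)", conn))
        {
            // The name travels as a typed parameter, never inside the SQL text, so a
            // value containing quotes, semicolons or comment markers is stored literally.
            SqlParameter p = cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100);
            conn.Open();
            foreach (string name in names)
            {
                p.Value = name.Trim();
                cmd.ExecuteNonQuery();
            }
        }
    }
}
```

The handler implements IRequiresSessionState so that context.Session is available; the length passed to Parameters.Add also bounds what can reach the column.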