Hi,

I have one string variable sstateUrl= "http://abcd.com/url"

So I want to validate this sstateUrl to avoid SQL injection.

How do I do this? Please give me an idea.

What I have tried:

How to validate http URL in c# to avoid sql injection attacks in c#.net in vs 2013
Updated 5-Jul-17 10:01am

You need to look into parameterization when writing insert queries.

How to: Execute a Parameterized Query

Parameterized Queries ADO.Net

How To: Protect From SQL Injection in ASP.NET -- this one says asp.net specific but concepts apply across the board.
 
 
Simple, you don't. Don't worry about the URL. Worry about the query instead, as mentioned by David_Wimbley.

Just looking at the URL doesn't do anything for cases where user input in your text boxes can also be harmful.
 
 
Quote:
I have one string variable sstateUrl= "http://abcd.com/url"
so I want to validate the this sstateUrl to avoid sqlinjection.

It doesn't work that way. You don't protect SQL queries from injection by checking the text that will be concatenated in the query.
SQL injection is when you build an SQL query by concatenating parts with user input: because the end result is an SQL query, the user input is promoted to SQL code. A legal input can crash your SQL query; a malicious input can crash or kill your database.

Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user inputting a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: with a malicious user input, it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
 
 
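The point made in the answers above, as an added example that is not part of the original thread: a well-formed URL can pass validation and still break a concatenated query, while a parameterized command stores it unchanged. It assumes the Microsoft.Data.Sqlite package with an in-memory database and a hypothetical `links` table so that it runs without a server; the same pattern applies to `SqlCommand` with `SqlParameter`.

```csharp
using System;
using Microsoft.Data.Sqlite; // assumption: NuGet package, chosen so the demo needs no database server

static class UrlStoreDemo
{
    // Requirement-style check: absolute http/https URL.
    // This is input validation; it is not what prevents SQL injection.
    static bool IsHttpUrl(string s)
    {
        Uri u;
        return Uri.TryCreate(s, UriKind.Absolute, out u)
            && (u.Scheme == Uri.UriSchemeHttp || u.Scheme == Uri.UriSchemeHttps);
    }

    static void Exec(SqliteConnection conn, string sql)
    {
        using (var cmd = conn.CreateCommand()) { cmd.CommandText = sql; cmd.ExecuteNonQuery(); }
    }

    static void Main()
    {
        // Constructed sample: a well-formed URL that contains a single quote.
        string sstateUrl = "http://abcd.com/url?name=O'Conner";
        Console.WriteLine("valid URL: " + IsHttpUrl(sstateUrl));

        using (var conn = new SqliteConnection("Data Source=:memory:"))
        {
            conn.Open();
            Exec(conn, "CREATE TABLE links (url TEXT NOT NULL)"); // hypothetical table

            // Before: the value is concatenated into the SQL text, so the quote ends the literal early.
            try { Exec(conn, "INSERT INTO links (url) VALUES ('" + sstateUrl + "')"); }
            catch (SqliteException ex) { Console.WriteLine("concatenated: " + ex.Message); }

            // After: the SQL text is constant and the value travels as a parameter.
            using (var cmd = conn.CreateCommand())
            {
                cmd.CommandText = "INSERT INTO links (url) VALUES (@url)";
                cmd.Parameters.AddWithValue("@url", sstateUrl);
                cmd.ExecuteNonQuery();
            }
            using (var cmd = conn.CreateCommand())
            {
                cmd.CommandText = "SELECT url FROM links";
                Console.WriteLine("stored: " + cmd.ExecuteScalar());
            }
        }
    }
}
```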
Thank you Dave and David.

I need to:
1. Validate the URL
2. Append to the string
3. Encrypt


Actually, I have to do URL validation in my code; that is part of the requirements document.
 
 
Comments
Richard Deeming 6-Jul-17 9:38am    
If you want to respond to a solution, click the "Have a Question or Comment?" button under that solution.

DO NOT post your comment as a new "solution".
OK Thank you Ppolymorphe.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)