Avoid SQL injection in MS Access

Guest

I wrote this in Borland Delphi:

command := 'select * from mytable where name = "' + Edit1.Text + '"';

Users can write SQL injection commands in Edit1.Text.
How can I avoid this?
 
Guest

Write a function to remove the unwanted commands and symbols.

Especially the OR, DELETE & UPDATE.
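
Added example, not part of either post above: it runs the question's concatenated query, a keyword-stripping filter, and a bound-parameter query against the same constructed table, so the difference in results is visible. Assumptions: SQLite through Python's `sqlite3` stands in for the Access database, string literals use single quotes, and `strip_keywords` is a hypothetical filter written for this illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample rows; in-memory SQLite stands in for the Access table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (name TEXT, note TEXT)")
    db.executemany("INSERT INTO mytable VALUES (?, ?)",
                   [("Gordon", "a"), ("O'Brien", "b"), ("alice", "c")])
    return db


def find_concat(db, name):
    # Pattern from the question: the user's text becomes part of the SQL itself.
    sql = "select * from mytable where name = '" + name + "'"
    return db.execute(sql).fetchall()


def strip_keywords(text):
    # Hypothetical filter: drop OR/DELETE/UPDATE and quote symbols anywhere in the text.
    text = re.sub(r"or|delete|update", "", text, flags=re.IGNORECASE)
    return re.sub(r"[\"';]", "", text)


def find_filtered(db, name):
    return find_concat(db, strip_keywords(name))


def find_param(db, name):
    # The SQL text is constant; the driver passes `name` separately, as data only.
    return db.execute("select * from mytable where name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ["Gordon", "O'Brien", "x' OR '1'='1"]:  # constructed inputs
        for fn in (find_concat, find_filtered, find_param):
            try:
                rows = fn(db, value)
            except sqlite3.Error as exc:
                rows = "error: %s" % exc
            print("%-14s %-14r -> %s" % (fn.__name__, value, rows))
```

In Delphi with ADO, the same binding is a `:name` placeholder in `TADOQuery.SQL` with `Parameters.ParamByName('name').Value := Edit1.Text`. The filter turns "Gordon" into "Gdon" and finds nothing, while the bound query returns legitimate names unchanged and treats the quote-bearing input as an ordinary string.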
 
