passing parameters from text box to sql

  • Thread starter Thread starter gordon
  • Start date Start date
G

gordon

Hi

I have a text boxe that passes its contents to a select command that is used
in a where statement - - - WHERE name like '%" + input + "%'.

I am concerned that it may be possible for someone to do some damage to my
dataset by passing dubious parameters. Is there some way to work around
this program security issue? I am using the OleDbDataAdapter with a MS
Access database.

Any advice appreciated.

Thanks
 
gordon said:
I have a text boxe that passes its contents to a select command that is used
in a where statement - - - WHERE name like '%" + input + "%'.

I am concerned that it may be possible for someone to do some damage to my
dataset by passing dubious parameters. Is there some way to work around
this program security issue? I am using the OleDbDataAdapter with a MS
Access database.

Any advice appreciated.
Click to expand...

See http://www.pobox.com/~skeet/csharp/faq/#db.parameters
 
Thanks for the links and the advice.

I have a bit of reading to do tonight now!!!

Doug
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Passing Parameters in a Select Statement 3
Passing arrays as parameters 6
Passing bool to a SQL statement 3
DB2 Multi Value Parameter 5
How do I pass columns/table names as parameters? 1
select string for oleDB 3
Choose a value from a combo box based on a text box 0
CCW COM and Parameters 1

Back
Top