news.microsoft.com
What is the best way to avoid string manipulations with SQL?
I have an edit box control through which the database is open to attacks via SQL
commands.
Something like this:
selectString = "SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME='" + txtTextBox1.Text + "'";
Furthermore, I would like to avoid using some characters like ;:,. etc.
If you know of an example, I would appreciate it. Thanks in advance...
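An added example (not code from the original post) showing the concatenated query from the question next to a parameterized version using System.Data.SqlClient. The table and column names come from the question; the connection string, the 50-character column length and the class name CustomerLookup are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Assumed helper class (not from the original post). The table xxxTable and
// the FIRSTNAME/LASTNAME columns are taken from the question; the connection
// string and the NVARCHAR(50) length are assumptions.
public static class CustomerLookup
{
    // The pattern from the question: the text box value is spliced into the
    // SQL text, so an input such as  O'Brien  breaks the statement and any
    // input containing quotes or separators can change what the query does.
    public static string BuildUnsafeQuery(string firstName)
    {
        return "SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME='" + firstName + "'";
    }

    // Parameterized form: the SQL text is fixed at compile time and the user
    // input travels as a typed parameter value. The server never parses it as
    // SQL, so characters like ; : , . ' are plain data and need no filtering.
    public static DataTable FindByFirstName(string connectionString, string firstName)
    {
        const string sql =
            "SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME = @firstName";
        var result = new DataTable();
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Declare type and size explicitly so the value is bound as data
            // with a known maximum length instead of being inferred per call.
            command.Parameters.Add("@firstName", SqlDbType.NVarChar, 50).Value = firstName;
            connection.Open();
            using (var reader = command.ExecuteReader())
            {
                result.Load(reader);
            }
        }
        return result;
    }
}

// From the form: var rows = CustomerLookup.FindByFirstName(connStr, txtTextBox1.Text);
```

With the parameterized version the character blacklist from the question is no longer needed for safety; restrict input only if the application has its own reason to (for example, a maximum name length).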