
String manipulations with SQL

What is the best way to avoid string manipulations with SQL?

I have an edit box control where the database is opened to attacks through SQL
commands.

Something like this:
selectString = "SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME='" + txtTextBox1.Text + "'";

Furthermore, I would like to avoid using some characters like ;:,. etc.

If you know of some example, I would appreciate it. Thanks in advance...
Nov 17 '05 #1
2 Replies


Use Parameterized Queries to avoid SQL Injection attacks.


Nov 17 '05 #2
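As an added example that is not part of the thread, here is the poster's concatenated query beside the parameterized form the reply recommends, written in Python with sqlite3 so it runs offline (the ADO.NET equivalent binds an @FirstName parameter on the SqlCommand instead of the ? placeholder). The table xxxTable and its rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the poster's xxxTable.
ROWS = [("Alice", "Smith"), ("D'Arcy", "Wentworth"), ("Bob", "Jones")]


def make_db():
    """In-memory SQLite database with the two columns from the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE xxxTable (FIRSTNAME TEXT, LASTNAME TEXT)")
    conn.executemany("INSERT INTO xxxTable VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, first_name):
    """The pattern from the question: the text box value is spliced into the
    SQL string, so any quote inside it alters the statement itself."""
    sql = ("SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME='"
           + first_name + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, first_name):
    """The fix from the reply: the SQL text is a constant and the value is
    bound as a parameter (? here, @FirstName in ADO.NET), so the database
    never parses user input as SQL."""
    sql = "SELECT FIRSTNAME, LASTNAME FROM xxxTable WHERE FIRSTNAME=?"
    return conn.execute(sql, (first_name,)).fetchall()


def compare(first_name):
    """Run both forms on one input and report what each produced."""
    conn = make_db()
    try:
        concatenated = lookup_concatenated(conn, first_name)
    except sqlite3.Error as exc:
        # The concatenated statement is no longer valid SQL.
        concatenated = f"error: {type(exc).__name__}"
    parameterized = lookup_parameterized(conn, first_name)
    conn.close()
    return {"concatenated": concatenated, "parameterized": parameterized}


if __name__ == "__main__":
    for name in ("Alice", "D'Arcy"):
        print(name, compare(name))
```

The legitimate name D'Arcy breaks the concatenated statement but is matched correctly by the parameterized one, which is also why a character blocklist like the one asked about is the wrong tool: it rejects valid input while leaving the query itself structurally unsafe.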

PFD
Here's a great article to help avoid SQL attacks:

http://msdn.microsoft.com/msdnmag/is...n/default.aspx

Good luck!
PFD


Nov 17 '05 #3
