Hi
I have a problem when I want to save a string provided by a user in a database if the data contains the character ' (the single quote)
as the strings in SQL should be put between two quotes like
"select * from MyTabel where name='My Name';
so if the user puts the character ' in the string it will damage the SQL statement like
"Insert into MtTable (UserText) Values (' I'll put this in DB ');
so the word (I'll) ruined the SQL. How can I protect my Application without forcing the user not to put this character?
Sorry for long question
Thanks

1 answer
Make a replace to the string before the statement is executed.
Ex (C#):
string Username = "zbr'";
Username = Username.Replace("'","''");
"SQL how can i protect my Application"
Replacing quotes is not enough to protect against SQL injections.
Take a look at this link for some more information about SQL injections http://www.sitepoint.com/article/794
Regards
answered 2 years ago by:
0
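The answer above shows quote doubling but says it is not enough on its own. The following is an added example (not from the original thread or the answerer) that puts the three approaches side by side for the asker's exact input: building the statement by concatenation (what breaks), doubling the single quotes (the answer's suggestion), and a bound parameter, which is the approach that removes user text from the SQL entirely. It uses Python's built-in sqlite3 module and an in-memory database so it runs offline; the table name `MyTable`, the column `UserText`, and the sample strings are constructed for the demonstration.

```python
import sqlite3

# Constructed sample inputs: the asker's own string plus two more with apostrophes/quotes.
SAMPLE_TEXTS = ["I'll put this in DB", "My Name", "O'Brien's \"quoted\" text"]


def naive_insert(conn, text):
    """The asker's approach: paste user text straight into the SQL.
    Any apostrophe in `text` ends the string literal early and the
    database rejects the statement with a syntax error."""
    conn.execute("INSERT INTO MyTable (UserText) VALUES ('" + text + "')")


def doubled_quote_insert(conn, text):
    """The answer's suggestion: double every single quote before concatenating.
    This is the correct escape for a quoted string literal, but the statement
    is still assembled from user text, so every code path must remember to do it."""
    escaped = text.replace("'", "''")
    conn.execute("INSERT INTO MyTable (UserText) VALUES ('" + escaped + "')")


def parameterized_insert(conn, text):
    """Bound parameter: the SQL text is fixed and the value travels separately,
    so no character in `text` can change the structure of the statement."""
    conn.execute("INSERT INTO MyTable (UserText) VALUES (?)", (text,))


def stored_texts(conn):
    """Read back everything that was actually stored, in insertion order."""
    return [row[0] for row in conn.execute("SELECT UserText FROM MyTable ORDER BY rowid")]


def demo(insert_fn, texts=SAMPLE_TEXTS):
    """Insert each sample text with `insert_fn` into a fresh in-memory database.
    Returns (stored_values, error_messages) so the outcomes can be compared."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyTable (UserText TEXT)")
    errors = []
    for t in texts:
        try:
            insert_fn(conn, t)
        except sqlite3.Error as e:  # the naive version fails here on apostrophes
            errors.append(f"{t!r}: {e}")
    return stored_texts(conn), errors


if __name__ == "__main__":
    for fn in (naive_insert, doubled_quote_insert, parameterized_insert):
        stored, errors = demo(fn)
        print(f"{fn.__name__}: stored={stored} errors={errors}")
```

Running it shows the naive version storing only "My Name" and raising errors for the two strings that contain an apostrophe, while both the quote-doubled and the parameterized versions store all three strings exactly as typed. In C# the parameterized form is the same idea with ADO.NET: keep a placeholder in the command text and add the value through `SqlCommand.Parameters` (for example `cmd.Parameters.AddWithValue("@text", userText)`), rather than calling `Replace` on every string you concatenate.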
I think that is not the suitable solution and I think this will ruin the SQL more
answered 2 years ago by:
0
This post was imported from csharpfriends, if you have a similar question please ask it again.
All previous members have been migrated, hope you enjoy the new platform!