Is there a quick(er) fix?

  1. #1
    Hi,

    I have recently migrated to .NET and am wondering if (along with many other handy improvements) MS helped out on this one.

    Remember the O'Reilly problem with SQL (a single ' must be replaced with '')? Is there a way (other than using a form validation control) to skip doing this replace?

    I want to do this:

    oCMD.CommandText = "Update Table Set MyField='" & txtMyTextBox.Text & "' Where 1=1;"

    Without having to worry about single apostrophes or SQL injection attacks, inserting percentages etc. or anything else that the user could put in txtMyTextBox that could break the SQL stmt.

    Is there a function called FixSQL or something that I can use?

    Many thanks,

    James.

  2. #2

    The Data Access Application Block and parametric queries.
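
An added example (not part of the original thread) of the parameterized query the reply refers to, applied to the question's UPDATE statement with ADO.NET's SqlCommand. The connection string, the table name MyTable, the NVARCHAR(100) column size and the helper name UpdateMyField are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedUpdateExample
    ' Assumption: placeholder connection string, not taken from the thread.
    Private Const ConnStr As String = "Server=(local);Database=ExampleDb;Integrated Security=SSPI;"

    ' Hypothetical helper: runs the question's UPDATE with the text box value
    ' bound as a parameter instead of concatenated into CommandText.
    Function UpdateMyField(ByVal userText As String) As Integer
        ' The SQL text is a constant; user input never becomes part of it,
        ' so no quote doubling (the "O'Reilly" replace) is needed.
        Const Sql As String = "UPDATE MyTable SET MyField = @MyField WHERE 1=1;"

        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(Sql, conn)
                ' Explicit type and size (assumed NVARCHAR(100) column) so the
                ' server receives the value as data of a known type.
                cmd.Parameters.Add("@MyField", SqlDbType.NVarChar, 100).Value = userText
                conn.Open()
                Return cmd.ExecuteNonQuery() ' number of rows affected
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample inputs: each is stored exactly as typed.
        Dim samples() As String = {"O'Reilly", "50% off", "x' OR '1'='1"}
        For Each s As String In samples
            Console.WriteLine("{0} row(s) updated with: {1}", UpdateMyField(s), s)
        Next
    End Sub
End Module
```

A bound value's % and _ characters are stored literally in this UPDATE; they act as wildcards only if the parameter is later compared with LIKE.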
