We have a web application with an AJAX autocomplete text box. The problem is that currently the query statement for the AJAX query is:

Select * from table where column LIKE '$value$%'

which is susceptible to SQL injection attacks. One solution is to have a separate connection pool with read-only privileges, but this seems blunt and doesn't prevent malicious access to sensitive data. Is there a better way of doing this? Z.
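
An added example, not part of the original question: the concatenated LIKE query from the post beside a bound-parameter version that also escapes the LIKE wildcards, in Python with sqlite3. The table, its columns, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table with one sensitive row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, secret INTEGER)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [("apple", 0), ("apricot", 0), ("50%_off", 0), ("zz-internal", 1)],
    )
    return db

def suggest_concat(db, value):
    """The pattern from the question: the value is pasted into the SQL text,
    so a quote in the input ends the string literal and the rest runs as SQL."""
    sql = "SELECT name FROM items WHERE secret = 0 AND name LIKE '" + value + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    """Escape LIKE metacharacters so user input only ever matches literally."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def suggest_bound(db, value, limit=10):
    """Hardened form: the statement text is fixed and the value is bound as
    data. The trailing % is added by the application, not by the user."""
    sql = ("SELECT name FROM items WHERE secret = 0 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY name LIMIT ?")
    return [row[0] for row in db.execute(sql, (escape_like(value) + "%", limit))]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"              # constructed input containing a quote
    print(suggest_concat(db, hostile))   # filter bypassed, hidden row returned
    print(suggest_bound(db, hostile))    # treated as a literal prefix
    print(suggest_bound(db, "ap"))       # normal autocomplete lookup
```

Binding the value addresses the injection itself; the read-only connection mentioned in the question remains useful as a second layer rather than as the primary fix.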
