Validate your user input using appropriate validators. Use SQL Parameters in all your queries.

On Sat, Nov 13, 2010 at 5:33 PM, Davej <galt...@hotmail.com> wrote:
> After reading about SQL injection security issues...
>
> http://en.wikipedia.org/wiki/SQL_injection
> http://msdn.microsoft.com/en-us/library/ms161953.aspx
>
> I started wondering about the most efficient ways to filter a string.
> For a simple 12/31/2010 txtbox date string I just decided to convert
> the string to a char array and use a loop and testing with ascw(). I
> know there are string functions like str.remove and str.replace but I
> don't know if there are any that can be used in a particularly
> efficient way for this. Ideas? Thanks.
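
The advice in this thread, applied to the 12/31/2010 text box case, as an added example that is not part of the original messages: the input is parsed strictly into a `DateTime` instead of being filtered character by character, and the parsed value is passed to the query as a typed parameter. The module, function, table and column names are hypothetical, and ADO.NET's `System.Data.SqlClient` is assumed as the data provider.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Module DateInputExample

    ' Accept only the exact MM/dd/yyyy shape. Anything else is rejected
    ' outright rather than "cleaned" by removing or replacing characters.
    Function TryParseDateInput(ByVal text As String, ByRef value As DateTime) As Boolean
        If text Is Nothing Then Return False
        Return DateTime.TryParseExact(text.Trim(), "MM/dd/yyyy", CultureInfo.InvariantCulture, DateTimeStyles.None, value)
    End Function

    ' Hypothetical table and column names (assumption, not from the thread).
    ' The date travels as a typed parameter, so it is never concatenated
    ' into the SQL text.
    Function BuildOrdersByDateCommand(ByVal orderDate As DateTime) As SqlCommand
        Dim cmd As New SqlCommand("SELECT OrderId FROM Orders WHERE OrderDate = @orderDate")
        cmd.Parameters.Add("@orderDate", SqlDbType.DateTime).Value = orderDate.Date
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample inputs, as they might arrive from the text box:
        ' a valid date, an impossible date, a value with trailing SQL text,
        ' and an empty string.
        Dim samples() As String = {"12/31/2010", "02/30/2010", "12/31/2010' OR '1'='1", ""}
        For Each s As String In samples
            Dim parsed As DateTime
            If TryParseDateInput(s, parsed) Then
                Using cmd As SqlCommand = BuildOrdersByDateCommand(parsed)
                    Dim p As SqlParameter = cmd.Parameters(0)
                    Console.WriteLine("accepted: [{0}] -> {1} = {2:yyyy-MM-dd}", s, p.ParameterName, p.Value)
                End Using
            Else
                Console.WriteLine("rejected: [{0}]", s)
            End If
        Next
    End Sub

End Module
```

No database connection is opened here; to run the query, assign an open `SqlConnection` to the command's `Connection` property before calling `ExecuteReader`.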