Protecting database from sql injection

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Mike Meinz · Answer 1 · 2013-11-24T08:15:00

Solution 2

Always use parameterized queries!

See
* Using SQLParameters with VB.NET/C#[^]
* Configuring Parameters and Parameter Data Types[^]
* What is SQL injection?[^]

This protects from SQL injection attacks.
An added benefit is better performance for your queries.

Posted 24-Nov-13 8:15am

Comments

Sergey Alexandrovich Kryukov 24-Nov-13 14:51pm

5ed.
—SA

Maciej Los 3-Dec-13 16:15pm

+5!

Richard MacCutchan · Answer 2 · 2013-11-24T07:50:00

Posted 24-Nov-13 7:50am