Monday, March 26, 2012

Validating SQL Query Input

Hi,

In PHP there is a function called mysql escape query that allows us to quickly filter input characters to avoid SQL injection.

Is there any similar function in C#? Usually when I need to sanitize a string I make my own function like:

// In C# the escape sequence "\'" is just a plain apostrophe, so Replace("'", "\'")
// changed nothing. Doubling the quote is what the SQL literal syntax expects.
strInp = strInp.Replace("'", "''");

thanks

You can use parameterized queries.

HTH,
Ryan
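The two approaches side by side, as an added example that is not part of the original question or Ryan's reply: the string-splicing form that the hand-rolled Replace() was trying to protect, and the parameterized form Ryan recommends. The table Users(UserName, Email), the 64-character column length and the connection string are assumptions for illustration only.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original post. Assumes a hypothetical table
// Users(UserName nvarchar(64), Email nvarchar(256)) reachable through connStr.
static class UserLookup
{
    // Splicing the value into the SQL text: the database's quoting rules decide
    // what the input means, so every special character must be escaped correctly.
    public static string BuildUnsafeSql(string userName)
    {
        return "SELECT Email FROM Users WHERE UserName = '" + userName + "'";
    }

    // Parameterized form: the SQL text is fixed at compile time and the value is
    // sent separately as data, so it is never parsed as SQL and needs no escaping.
    public static string FindEmail(string connStr, string userName)
    {
        const string sql = "SELECT Email FROM Users WHERE UserName = @userName";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declaring type and length avoids implicit conversions and
            // silently truncated values on the server side.
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
            conn.Open();
            return cmd.ExecuteScalar() as string;   // null when no row matches
        }
    }

    static void Main()
    {
        // Constructed input containing an apostrophe, e.g. a legitimate surname.
        string input = "o'brien";

        // The spliced query breaks at the apostrophe; no Replace() chain needed.
        Console.WriteLine(BuildUnsafeSql(input));

        // The parameterized lookup handles the same input as plain data.
        // Replace the placeholder with a real connection string to run it:
        // Console.WriteLine(FindEmail("<connection string placeholder>", input) ?? "(no match)");
    }
}
```

The same pattern applies to every provider in ADO.NET (SqlParameter, OleDbParameter, MySqlParameter and so on); on current .NET the SQL Server client lives in the Microsoft.Data.SqlClient package with the identical SqlCommand and SqlParameter API.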
