c# - Build safe search conditions for SQL WHERE clause
I need to build search conditions to be used in a WHERE clause. They are sent to another application, which executes them as part of a query. Because the search conditions can be quite complex (including sub-queries), I don't believe the receiving application can parse them reliably enough to prevent SQL injection attacks.
Best practice says parameterized queries should be used. That works fine when you use a command object to execute the query. In my case, I want to end up with the query string with the search criteria merged into it, and as far as I know there is no way to parse them back out. Is there any way to do this?
I work with MS SQL Server and currently replace all single quotes with two single quotes in the string received from the caller. Is there a better way to gain some level of security against SQL injection attacks?
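One way to keep the conditions parameterizable even though they are built in one place and executed in another, as an added example that is not part of the original question or any answer: hand the executing side the WHERE text together with its parameters instead of a finished string. Column names and operators are allow-listed because they cannot be bound as parameters, and quote doubling alone does not protect unquoted contexts such as numeric comparisons. The `SearchBuilder` class, its column list and the `Customers` table are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;

// Hypothetical result type: WHERE text plus the parameters it references.
public sealed class SearchCondition
{
    public string Sql { get; }
    public IReadOnlyList<SqlParameter> Parameters { get; }
    public SearchCondition(string sql, IReadOnlyList<SqlParameter> parameters)
    { Sql = sql; Parameters = parameters; }
}

public static class SearchBuilder
{
    // Identifiers cannot be parameterized, so they are checked against an
    // allow-list of known columns (assumed schema) rather than used verbatim.
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Name", "City", "Age" };
    private static readonly HashSet<string> AllowedOps =
        new HashSet<string> { "=", "<>", "<", ">", "LIKE" };

    // Each term becomes "[Column] op @pN" and the value travels as a parameter,
    // so a value like "O'Neil" or "1 OR 1=1" is always bound as data, never as SQL.
    public static SearchCondition Build(IEnumerable<(string Column, string Op, object Value)> terms)
    {
        var clauses = new List<string>();
        var parameters = new List<SqlParameter>();
        int i = 0;
        foreach (var (column, op, value) in terms)
        {
            if (!AllowedColumns.Contains(column)) throw new ArgumentException("Unknown column: " + column);
            if (!AllowedOps.Contains(op)) throw new ArgumentException("Unsupported operator: " + op);
            string name = "@p" + i++;
            clauses.Add($"[{column}] {op} {name}");
            parameters.Add(new SqlParameter(name, value));
        }
        return new SearchCondition(string.Join(" AND ", clauses), parameters);
    }
}

public static class Example
{
    // Executing side: append the condition text and bind its parameters.
    public static SqlCommand BuildCommand(SqlConnection conn)
    {
        var cond = SearchBuilder.Build(new[] { ("Name", "=", (object)"O'Neil"), ("Age", ">", (object)30) });
        var cmd = new SqlCommand("SELECT * FROM Customers WHERE " + cond.Sql, conn);
        cmd.Parameters.AddRange(cond.Parameters.ToArray());
        return cmd; // SQL text is "[Name] = @p0 AND [Age] > @p1"; values never touch the text
    }
}
```

If the two applications must exchange a single string, serialize the condition text and the parameter names and values together (for example as JSON) so the executing side can still bind them with `SqlCommand`.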
Take a look at these 2 links