While in Oracle escaping the apostrophe (') character
seems to be enough protection against SQL injection (I
think it is not), this is not true for SQL Server. Here is a
little example I think many of you will find useful.
For an on-the-fly query like:
Query = "select field1, field2... from table where i...
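The post is cut off before its example, so the following is an added illustration of the general point, not the author's own code or necessarily the author's technique: doubling apostrophes only protects a value that lands inside a quoted string literal. When the on-the-fly query compares an unquoted numeric column (assumed here, since the post's query is truncated), no apostrophe is needed to break out, and the escaping is simply irrelevant; a bind parameter closes the hole regardless of column type. The table, rows and inputs are constructed, and sqlite3 stands in for SQL Server because the bypass shown does not depend on the engine.

```python
import sqlite3


def make_db():
    """Constructed sample table (not from the original post)."""
    con = sqlite3.connect(":memory:")
    con.execute("create table users (id integer, name text, secret text)")
    con.executemany(
        "insert into users values (?, ?, ?)",
        [(1, "alice", "s1"), (2, "bob", "s2"), (3, "carol", "s3")],
    )
    return con


def escape_apostrophe(value):
    """The 'escape the quote' defence: double every apostrophe."""
    return str(value).replace("'", "''")


def lookup_by_id_escaped(con, user_id):
    # On-the-fly query in the style of the post, assumed (not the post's own
    # code) to compare an unquoted numeric column. The escaping does nothing
    # useful here: the input is spliced straight into the SQL text.
    query = "select id, name from users where id = " + escape_apostrophe(user_id)
    return con.execute(query).fetchall()


def lookup_by_name_escaped(con, name):
    # Quoted string literal: doubling apostrophes does keep the literal closed,
    # which is the case where the "escape the quote" advice actually applies.
    query = "select id, name from users where name = '" + escape_apostrophe(name) + "'"
    return con.execute(query).fetchall()


def lookup_by_id_param(con, user_id):
    # Hardened form: a bind parameter. The value is sent as data, never as SQL,
    # so "1 or 1=1" is compared as a string against the id column and matches nothing.
    return con.execute("select id, name from users where id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "1 or 1=1"            # constructed attacker input, no apostrophe at all
    print("escaped, numeric column:", lookup_by_id_escaped(db, hostile))   # every row
    print("escaped, string column: ", lookup_by_name_escaped(db, "x' or '1'='1"))  # no rows
    print("parameterised:          ", lookup_by_id_param(db, hostile))     # no rows
```

On SQL Server the same unquoted splice also accepts a semicolon-separated batch after the number, which is why the numeric case deserves the same care as the quoted one; the parameterised form handles both without any escaping logic.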