EDN Admin
I just have a quick question about SQL injection. If I have a query something like this:
string name = Text.Text.Replace("'", "''");
SQL = "Select * from Customer where CustomerID Like '%" + name + "%'";
Now I'm replacing all quotes with 2. Is it still possible to do SQL injection into this query, since all single quotes that are found in the TextBox are being replaced with 2 single quotes?
Thanks
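As an added example (not part of the original post): the same search written with a parameter instead of string concatenation, so the text box value travels as data and no quote replacement is needed. It assumes SQL Server and System.Data.SqlClient; the class name, method names and sample inputs are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CustomerSearch
{
    // Escape LIKE metacharacters so the input is matched literally
    // (T-SQL bracket syntax, an assumption about the database in use).
    // '[' is handled first so the brackets added for % and _ are not re-escaped.
    public static string EscapeLike(string input)
    {
        return input.Replace("[", "[[]")
                    .Replace("%", "[%]")
                    .Replace("_", "[_]");
    }

    // Build the command with the search term bound as a parameter.
    // The SQL text is a constant; user input never becomes part of it.
    public static SqlCommand BuildSearch(string userInput)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM Customer WHERE CustomerID LIKE @pattern");
        cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 100).Value =
            "%" + EscapeLike(userInput) + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: plain text, a single quote, LIKE wildcards.
        foreach (var input in new[] { "AL", "O'Brien", "50%_off" })
        {
            using (var cmd = BuildSearch(input))
            {
                Console.WriteLine(cmd.CommandText);
                Console.WriteLine("  @pattern = " + cmd.Parameters["@pattern"].Value);
            }
        }
    }
}
```

To run the query, assign an open SqlConnection to the command's Connection property before calling ExecuteReader.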