SQL Injection

EDN Admin

I just have a quick question about SQL Injection. If I have a query something like this:

string name = Text.Text.Replace("'", "''");

SQL = "Select * from Customer where CustomerID Like '%" + name + "%'";

Now I'm replacing all quotes with 2. Is it still possible to do SQL Injection into this query, since all single quotes that are found in the TextBox are being replaced with 2 single quotes?

Thanks
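
An added example, not part of the original post: the same search written as a parameterized ADO.NET command, so the text box value is sent as data and never spliced into the SQL text. It assumes SQL Server through System.Data.SqlClient; CustomerSearch, EscapeLike, BuildSearch and @pattern are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: SQL Server accessed through ADO.NET

static class CustomerSearch
{
    // Escape LIKE metacharacters so the user's text is matched literally.
    // A bound parameter keeps the value from being parsed as SQL, but
    // %, _ and [ inside it are still pattern syntax to LIKE.
    public static string EscapeLike(string input)
    {
        return input.Replace(@"\", @"\\")   // escape the escape character first
                    .Replace("%", @"\%")
                    .Replace("_", @"\_")
                    .Replace("[", @"\[");
    }

    // The SQL text is a constant; the value travels separately as a parameter,
    // so no quote doubling is needed and quotes in the input stay ordinary data.
    public static SqlCommand BuildSearch(SqlConnection conn, string name)
    {
        const string sql =
            "SELECT * FROM Customer WHERE CustomerID LIKE @pattern ESCAPE '\\'";
        var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 4000).Value =
            "%" + EscapeLike(name) + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs. No connection is opened here; the loop
        // only shows the parameter value that would be sent to the server.
        foreach (var input in new[] { "O'Brien", "50%_off", "A[1]" })
        {
            using (var cmd = BuildSearch(null, input))
            {
                Console.WriteLine("{0,-10} -> {1}",
                    input, cmd.Parameters["@pattern"].Value);
            }
        }
    }
}
```

To run the query, pass an open SqlConnection to BuildSearch and call ExecuteReader on the returned command.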
