Hello,

I am coding an ASP.Net app, and I need a search function. I understand that SQL injection can be a problem, so I am trying to prevent it if it happens. Here is what I have so far:

Code:
private string RemoveSqlInjectionAttacks(string searchString)
{
	string[] badStrings = {"select", "drop", ";", "--", "insert", "delete", "xp_"};

	// Replace single quotes with double single quotes.
	searchString = searchString.Replace("'", "''");
			
	// Remove all the strings that can do damage
	for(int i=0; i <= badStrings.GetUpperBound(0); i++)
	{
		searchString = searchString.Replace(badStrings[i].ToString(), "");
	}

	return searchString;
}
How does it look? Will this stop all of them? If anyone has anything to add to it, I would appreciate it.