SQL Injection: A Tour

[si_the_geek]

Absolutely, I've seen many threads in the C#/PHP/... forums where the same issue is apparent - I don't know how to deal with the syntax for those languages, but hopefully a decent explanation of why you should use parameters will be enough to get people to find the syntax for their language.

[dilettante]

Or any programmers this sint really Vb specific

True enough, but I often see this sort of thing pointed at those using VB, fair or not. Information is power, and providing it to VBers is a good thing.

Absolutely, I've seen many threads in the C#/PHP/... forums where the same issue is apparent - I don't know how to deal with the syntax for those languages, but hopefully a decent explanation of why you should use parameters will be enough to get people to find the syntax for their language.

Well I know some people seem to think C# programmers are more 'leet, 1337, or 31337 though a large number are former VB programmers. I'd lump them in together and would never dream of shorting them on good information.

Solid syntax examples covering a range of options would be very helpful to people. Just looking at ADO there are several ways to pass parameters to inline SQL, prepared queries, or stored procedures. ADO.Net offers a few too. PHP must have a few choices as well but I've never looked closely at it, being more of an ASP guy and doing less Web development in recent years.

But it would be great to start somewhere, and I'm sure C# programmers can easily take VB.Net examples and run with them.