Results 1 to 36 of 36

Thread: DB Search Command

Threaded View

  1. Mar 11th, 2010, 04:32 AM #13
    cicatrix
    cicatrix is offline
    PowerPoster cicatrix's Avatar
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: DB Search Command

    Quote Originally Posted by jmcilhinney View Post
    Never use string concatenation to build SQL statements if it can possibly be avoided.
    OK. What can possibly go wrong with the code I provided?

    Well, I admit that a user can use characters ' or " in the textbox and exploit some SQL injection but this should be done by filtering user input. What's wrong with the concatenation itself?
    Last edited by cicatrix; Mar 11th, 2010 at 04:35 AM.
    #define true ((rand() % 2)? true: false) // Debug THAT!

    Rate the posts that helped you!

    Evaluating Expressions | Simple POP3 Protocol Realization | Timers explained | Delegates explained | A secure login to your app sample | Numeric Textbox | Printer.Print (or I miss VB6 printing in .Net) | Shuffling any IEnumerable | Marshalling structures to byte arrays and back | Invoking a method by its name | Plugins architecture WITHOUT references | Permuter that permutes everything | Encrypt/Decrypt your stuff | Snake Game | Enumerating all Network Adapters in the system | How to make a web request
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width