Wrox Programmer Forums
|
ASP.NET 4 General Discussion For ASP.NET 4 discussions not relating to a specific Wrox book
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 4 General Discussion section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old April 13th, 2012, 09:59 AM
Friend of Wrox
  
Join Date: Dec 2006
Posts: 104
Thanks: 9
Thanked 1 Time in 1 Post
Default Insert parameters into string
I am looking to programically set a datasource using VB

What i am trying to prevent is SQL injection and so would like to find the most affective way of passing a parameter into a string.. eg

Instead of:

Code:
Dim SQLStr AsString
SQLStr="Select * from table where column = " + Parameter
SqlDataSource1.SelectCommand = SQLStr
I am using

Code:
Dim SQLStr AsString
Dim SQLStrRep AsString
SQLStr="Select * from table where column = @id"
SQLStrRep = Replace(SQLStr, "@Id", somevalue)
SqlDataSource1.SelectCommand = SQLStrRep
Is there a better way of adding parameters as this approach would soon get quite messy if muliple values needed to be added?

Cheers

Aspless ...





Similar Threads
Thread Thread Starter Forum Replies Last Post
How to insert string to cdata section after a specific string? khunt XSLT 2 January 14th, 2011 10:44 AM
how to insert these string into database SpringSummer SQL Language 3 September 22nd, 2007 07:05 AM
String to DateTIme for Insert plymnet Classic ASP Databases 1 August 21st, 2005 11:09 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.