----------------------------------------------------------- New Message on BDOTNET
-----------------------------------------------------------
From: kvivek23
Message 4 in Discussion

Suppose you have a query

    "Select UserID, Pwd from UserMaster where userid = '" + txtUser.Text + "'"

What if the user enters

    ' or (1=1)

Then the query would look like

    Select UserID, Pwd from UserMaster where userid = '' or (1 =1 )

This way the user can hack into the system without having a user ID or pwd... This applies to any field on the front end.

The best approach to avoid this is to use OleDBParameters or SQLParameter or any other

Regards,
Vivek K
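The contrast described in the message above, as an added example that is not part of the original post: the same lookup built by string concatenation and with a bound parameter. It uses Python's sqlite3 `?` placeholder as a stand-in for SqlParameter/OleDbParameter; the function names, the in-memory table and its rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the post's UserMaster table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserMaster (UserID TEXT PRIMARY KEY, Pwd TEXT)")
    conn.executemany(
        "INSERT INTO UserMaster VALUES (?, ?)",
        [("vivek", "constructed-1"), ("o'hara", "constructed-2")],
    )
    return conn

def find_user_concat(conn, user_text):
    """Pattern from the post: the user's text becomes part of the SQL statement."""
    sql = "Select UserID, Pwd from UserMaster where userid = '" + user_text + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The input was parsed as SQL and changed the statement's syntax.
        return "sql error: " + str(exc)

def find_user_param(conn, user_text):
    """Fix from the post: the statement is fixed, the text is bound as a value."""
    sql = "Select UserID, Pwd from UserMaster where userid = ?"
    return conn.execute(sql, (user_text,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a plain id, a legitimate id containing a quote,
    # and the input quoted in the post.
    for text in ["vivek", "o'hara", "' or (1=1)"]:
        print(repr(text))
        print("  concatenated :", find_user_concat(conn, text))
        print("  parameterized:", find_user_param(conn, text))
```

With the bound parameter, a quote character in the field is only data, so the legitimate id `o'hara` is found and the input from the post matches no row.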
