views:

31

answers:

1

Just trying to make sure all my queries are sanitized. We're using ADOdb (it's already in place, so no talking me out of it).

Is there something in ADOdb like mysql_real_escape_string?

+1  A: 

Use parameterized queries.

using MySql.Data.MySqlClient;

// cmd.Connection must be an open MySqlConnection (assumed to exist here)
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = connection;
string userName = ...;
// @username is a placeholder; the value is sent separately, never spliced into the SQL text
cmd.CommandText = "select userid,age from Users where username=@username";
cmd.Parameters.AddWithValue("@username", userName);
MySqlDataReader reader = cmd.ExecuteReader();
nos
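The same idea in ADOdb itself, as an added example that is not part of the question or the answer above and not ADOdb's own documentation code. The Users table and its userid, age and username columns are taken from the answer; the require path and the connection details are placeholders. It shows the bound-parameter form of Execute(), which is the preferred answer, and qstr(), which is the direct ADOdb counterpart of mysql_real_escape_string() for the cases where SQL text has to be assembled by hand.

```php
<?php
// Added example: parameterized queries and escaping with ADOdb.
// The library path and the connection parameters are placeholders.
require_once 'adodb/adodb.inc.php';

$db = ADONewConnection('mysqli');
$db->Connect('db-host', 'db-user', 'db-password', 'db-name');

// Preferred: pass values separately with ? placeholders. ADOdb either
// binds them server-side or substitutes them using the driver's own
// quoting, so a quote inside $userName cannot change the query structure.
function findUser($db, $userName)
{
    $rs = $db->Execute(
        'SELECT userid, age FROM Users WHERE username = ?',
        array($userName)
    );
    if ($rs === false) {
        throw new RuntimeException('query failed: ' . $db->ErrorMsg());
    }
    return $rs->GetArray();   // list of matching rows, possibly empty
}

// Fallback when the SQL string must be built manually: qstr() is ADOdb's
// equivalent of mysql_real_escape_string(). Note that it returns the value
// escaped AND wrapped in quotes, so no quotes are added around it here.
function findUserEscaped($db, $userName)
{
    $sql = 'SELECT userid, age FROM Users WHERE username = ' . $db->qstr($userName);
    $rs = $db->Execute($sql);
    if ($rs === false) {
        throw new RuntimeException('query failed: ' . $db->ErrorMsg());
    }
    return $rs->GetArray();
}

// A value containing a single quote is handled correctly by both forms;
// concatenating it into the SQL unescaped would instead break the statement.
$rows = findUser($db, "O'Brien");
foreach ($rows as $row) {
    echo $row['userid'], ' ', $row['age'], "\n";
}
```

Prefer findUser(): with placeholders there is no way to forget the escaping step, and the query text never depends on user input. Keep qstr() only for cases such as dynamically assembled IN lists where a placeholder per value is awkward, and never wrap its result in additional quotes.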