Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a textbox in my application in which user will enter where clause to search leads. This conditions will be concatenated to my original search query with AND logical operator in stored procedure of SQL Server 2008.
Is it possible to write DELETE or DROP sub query in that conditions?
You are fighting a losing battle.
Do not try to prevent SQL Injection by black-listing or white-listing contents of input. Instead, use parameterized queries. Then it does not matter what is entered.