I’m a new in the world of coding, I built a large web site

Question

0

Asked: June 17, 20262026-06-17T18:17:42+00:00 2026-06-17T18:17:42+00:00

I’m a new in the world of coding, I built a large web site

0

I’m a new in the world of coding,

I built a large web site with several textboxes, so now i figure out that I’ve been using a dangerous method of inserting data in the SQL server by some thing like this:

execSQL("insert into Dossier(ID_Dossier,Nom_Giac) values(" & id_dossier.text & "," Nom_gaic.text & "')")

 Public Function execSQL(ByVal req As String, Optional ByVal type As String = "r")
        cmd = New SqlCommand
        cmd.CommandText = req
        cmd.Connection = con
        openCon()
        If type = "r" Then
            Return cmd.ExecuteReader(CommandBehavior.CloseConnection)
        Else
            Return cmd.ExecuteNonQuery
        End If
        closeCon()
    End Function

I just want to know if there is any quick way to solve this problem in my entire web site.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T18:17:43+00:00

Editorial Team

2026-06-17T18:17:43+00:00Added an answer on June 17, 2026 at 6:17 pm

Using LINQ to SQL can help prevent SQL Injection attacks by parameterizing for you:

LINQ to SQL passes all data to the database via SQL parameters. So, although the SQL query is composed dynamically, the values are substitued server side through parameters safeguarding against the most common cause of SQL injection attacks.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m a new in the world of coding, I built a large web site

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply