Best way to sanitize user input?


Brad Baker

I have an ASP.NET page written in C# which provides a search box that
updates a GridView control using the following code:

protected void search_button_Click(object sender, EventArgs e)
{
    string search_terms = search_textbox.Text;
    string search_fields = search_dropdown.Text;

    // Both user-supplied strings are spliced straight into the SQL text,
    // which is the injection point described below.
    string sql_string = "SELECT * FROM WHERE " + search_fields +
                        " LIKE '%" + search_terms + "%'";
    Datasource.SelectCommand = sql_string;
}

The code above works perfectly; however, it appears to be vulnerable to SQL
injection attacks, and I am wondering how I can best sanitize user input prior
to using it in my SQL query. Is there a function built into C# I can use for
this?

Thanks!
Brad
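
The fix the post is asking for is not a sanitizing function but parameterized queries, plus a whitelist for the one piece that cannot be parameterized (the column name). The following is an added example, not code from the original post: the table name Products, the column list in AllowedColumns and the connection string are assumed and should be replaced with the real ones. It shows the same search done both with an ADO.NET SqlCommand and with the SqlDataSource the post binds its GridView to, and it also escapes LIKE wildcards, which parameters alone do not handle.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

// Added example, not code from the original post. "Products", the column
// names in AllowedColumns and the connection string are assumptions.
public static class SafeSearch
{
    // The column name is an identifier, and identifiers cannot be passed as
    // SQL parameters, so it is checked against a fixed list instead of being
    // trusted from the dropdown (a posted dropdown value is attacker-controlled
    // just like the textbox).
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "Name", "Description", "Sku" };

    public static bool IsAllowedColumn(string column)
    {
        return column != null && AllowedColumns.Contains(column);
    }

    // Parameters stop injection, but LIKE has its own metacharacters: a user
    // typing "%" or "_" would otherwise match every row. SQL Server's bracket
    // escape handles them; "[" must be escaped first so the brackets added by
    // the later replacements are not escaped again.
    public static string EscapeLikePattern(string input)
    {
        return input.Replace("[", "[[]")
                    .Replace("%", "[%]")
                    .Replace("_", "[_]");
    }

    // ADO.NET version: the user's text travels as a typed parameter value and
    // never becomes part of the SQL text, so quotes and comment markers in it
    // are just characters to match.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string column, string terms)
    {
        if (!IsAllowedColumn(column))
            throw new ArgumentException("Unsupported search column", nameof(column));

        var cmd = new SqlCommand(
            "SELECT * FROM Products WHERE [" + column + "] LIKE @pattern", conn);
        cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
            "%" + EscapeLikePattern(terms) + "%";
        return cmd;
    }

    // Web Forms version for a SqlDataSource like the post's "Datasource":
    // SelectParameters supplies the @pattern placeholder the same way.
    public static void ConfigureDataSource(SqlDataSource ds, string column, string terms)
    {
        if (!IsAllowedColumn(column))
            throw new ArgumentException("Unsupported search column", nameof(column));

        ds.SelectCommand = "SELECT * FROM Products WHERE [" + column + "] LIKE @pattern";
        ds.SelectParameters.Clear();
        ds.SelectParameters.Add("pattern", "%" + EscapeLikePattern(terms) + "%");
    }

    // Stand-alone demonstration; the connection is constructed but never opened.
    public static void Main()
    {
        // Constructed attacker input: in the concatenated query this would have
        // closed the LIKE literal and commented out the rest of the statement.
        string hostile = "x' OR 1=1 --";

        using (var conn = new SqlConnection("Server=.;Database=Shop;Integrated Security=true"))
        {
            SqlCommand cmd = BuildSearchCommand(conn, "Name", hostile);
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@pattern"].Value);
        }

        Console.WriteLine(EscapeLikePattern("50%_off[1]"));
        Console.WriteLine(IsAllowedColumn("Name; DROP TABLE Products"));
    }
}
```

In the page's click handler the call becomes SafeSearch.ConfigureDataSource(Datasource, search_dropdown.SelectedValue, search_textbox.Text), with the dropdown's items limited to the whitelisted columns. ASP.NET request validation and HTML encoding do not help here; they target markup, not SQL, so the parameter must carry the raw text and the database driver does the quoting.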