EMail\SQLError

gh · Jun 10, 2008

Below is the from part of an sql statement. When the query is fired
from the web page I get the following error. How do I work around this?

Thanks

Token unknown - line 1, char 67 @

from USERLOGIN WHERE LOGIN= " +aEmail+ " AND PSSWORD=

Hilmar Bunjes · Jun 10, 2008

gh said:
Below is the from part of an sql statement. When the query is fired
from the web page I get the following error. How do I work around this?

Thanks

Token unknown - line 1, char 67 @

from USERLOGIN WHERE LOGIN= " +aEmail+ " AND PSSWORD=

You should use a prepared statement or a stored procedure. The way you
build the sql command is open to sql injection. Just think what'll
happen is "aEmail" is: ..."; delete from userlogin;"... or something
like that.

Best,
Hilmar

Augustin Prasanna · Jun 10, 2008

try using single quotes around the variable in your where clause

example:

from USERLOGIN WHERE login ='" + aEmail + "'

I assume, aEmail is a string variable in your .net code.

Regards,
Augustin

David Wier · Jun 10, 2008

At the very least, used a parameterized query instead of concatenation
Tutorial:
http://www.aspnet101.com/aspnet101/tutorials.aspx?id=1

David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup

SendGrid email issue in responsive Gmail	1	Nov 4, 2021
How to login using PDO	3	Jul 21, 2021
select stored procedure	4	Dec 8, 2004
Address Book System Help	1	Nov 18, 2022
SmtpFailedRecipientException but email is sent and received	0	Sep 11, 2008
I'm tempted to quit out of frustration	1	Aug 13, 2023
how to access connection object in another class?	5	Feb 19, 2013
How to Create a random password generator in a separate window	4	May 26, 2022

EMail\SQLError

gh

Hilmar Bunjes

Augustin Prasanna

David Wier

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads