EMail\SQLError

gh · Jun 10, 2008

Below is the from part of an sql statement. When the query is fired
from the web page I get the following error. How do I work around this?

Thanks

Token unknown - line 1, char 67 @

from USERLOGIN WHERE LOGIN= " +aEmail+ " AND PSSWORD=

Hilmar Bunjes · Jun 10, 2008

gh said:
Below is the from part of an sql statement. When the query is fired
from the web page I get the following error. How do I work around this?

Thanks

Token unknown - line 1, char 67 @

from USERLOGIN WHERE LOGIN= " +aEmail+ " AND PSSWORD=

You should use a prepared statement or a stored procedure. The way you
build the sql command is open to sql injection. Just think what'll
happen is "aEmail" is: ..."; delete from userlogin;"... or something
like that.

Best,
Hilmar

Augustin Prasanna · Jun 10, 2008

try using single quotes around the variable in your where clause

example:

from USERLOGIN WHERE login ='" + aEmail + "'

I assume, aEmail is a string variable in your .net code.

Regards,
Augustin

David Wier · Jun 10, 2008

At the very least, used a parameterized query instead of concatenation
Tutorial:
http://www.aspnet101.com/aspnet101/tutorials.aspx?id=1

David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup

DJForm Login Help!	1	Sep 28, 2024
Mini Web Server in C++ (Part One)	4	Oct 2, 2025
SendGrid email issue in responsive Gmail	1	Nov 4, 2021
How to login using PDO	3	Jul 21, 2021
select stored procedure	4	Dec 8, 2004
Database Manager: A C++ Console Application	14	May 12, 2025
Chatbot	0	Oct 8, 2024
How do I rename and copy a file on the server?	1	Nov 21, 2025

EMail\SQLError

gh

Hilmar Bunjes

Augustin Prasanna

David Wier

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads