How to remove ',<,>

Discussion in 'C#' started by CyberMew, Jan 19, 2007.

  1. #1
    Hello, I am doing a search function for my project, and I am wondering how I can 'remove' the 3 characters, because they cause either a crash in my project (SQL injection thingy) or an HTML display problem.

    However, I don't want to replace them with a space or any other characters, because the thing I want to search for has the 3 characters. I just don't want my project to crash or be vulnerable to SQL injection.

    Please advise... and thanks in advance.
     
    CyberMew, Jan 19, 2007 IP
  2. saurabhj

    saurabhj Banned

    Messages:
    3,459
    Likes Received:
    61
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Hello,
    Use escape sequences instead of ',<,> but I don't think they can help, as both things are not possible at the same time.

    You have to replace these chars...

    -SSJ
     
    saurabhj, Jan 19, 2007 IP
  3. ccoonen

    ccoonen Well-Known Member

    Messages:
    1,606
    Likes Received:
    71
    Best Answers:
    0
    Trophy Points:
    160
    #3
    Generally when protecting against SQL Injection - I only care about 1 character, the Tick (') - so I usually safeguard my content with:

    Left(Trim(Replace(Text,"'","`")),VarCharDefinedLength)

    This keeps me protected and makes sure I only insert the max amount of chars that my DB Field will allow
     
    ccoonen, Jan 19, 2007 IP
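
An added example, not part of the thread above: one way to search for text containing ', < and > without altering it is to pass the term as a typed SQL parameter and HTML-encode values only when they are written to the page. The table `Products`, its column `Name` and the length 100 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Net;

static class SearchExample
{
    // Hypothetical schema: table Products with an NVARCHAR(100) column Name.
    const int NameLength = 100;

    // The term travels as a typed parameter, never as part of the SQL text,
    // so ' < > are matched as ordinary data.
    public static SqlCommand BuildSearchCommand(string term)
    {
        // Escape LIKE wildcards so the user's text is matched literally.
        string literal = term.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        var cmd = new SqlCommand("SELECT Name FROM Products WHERE Name LIKE @term");
        cmd.Parameters.Add("@term", SqlDbType.NVarChar, NameLength).Value = "%" + literal + "%";
        return cmd;
    }

    // Runs the search on an open connection supplied by the caller.
    public static List<string> Search(SqlConnection conn, string term)
    {
        var rows = new List<string>();
        using (SqlCommand cmd = BuildSearchCommand(term))
        {
            cmd.Connection = conn;
            using (SqlDataReader r = cmd.ExecuteReader())
                while (r.Read()) rows.Add(r.GetString(0));
        }
        return rows;
    }

    // Encode at output time; the stored value keeps its original characters.
    public static string RenderResult(string name)
    {
        return "<li>" + WebUtility.HtmlEncode(name) + "</li>";
    }

    static void Main()
    {
        string term = "O'Brien <b>"; // constructed sample input
        using (SqlCommand cmd = BuildSearchCommand(term))
        {
            Console.WriteLine(cmd.CommandText);               // SQL text has no user data in it
            Console.WriteLine(cmd.Parameters["@term"].Value); // term kept intact as data
        }
        Console.WriteLine(RenderResult(term));                // markup characters encoded for display
    }
}
```

`Main` only builds the command and prints it, so it runs without a database; `Search` needs an open connection to a server that has the assumed table.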