SQL Injection

    Question

  • Hi

    I need to know if SQL injection can be removed in a select query only.

    ex.

    SQL = "select fieldname from emp where rownum<5 order by fieldname"

    SQL1 = "EXPLAIN PLAN set id=? for " & SQL

    myCmd.CommandText = SQL

    How can we avoid the SQL injection on the statement in bold?

    Thanks,

    Srimant

    Friday, May 20, 2016 1:40 PM
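
An added example, not part of the original post: a placeholder can carry a value but not the statement text that follows EXPLAIN, so the text to be explained should come from a fixed allowlist and only values should be bound. It uses Python's sqlite3 and `EXPLAIN QUERY PLAN` as a stand-in for the Oracle `EXPLAIN PLAN` setup in the question; the allowlist key, the helper names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Fixed statement texts that may be explained. Keys are hypothetical names;
# the emp/fieldname schema mirrors the question.
EXPLAINABLE = {
    "emp_first_rows": "SELECT fieldname FROM emp WHERE fieldname LIKE ? "
                      "ORDER BY fieldname LIMIT 5",
}

def make_demo_db():
    """Constructed in-memory database standing in for the real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emp (fieldname TEXT)")
    conn.executemany("INSERT INTO emp VALUES (?)", [("alice",), ("bob",)])
    return conn

def statement_text_is_bindable(conn):
    """Try to pass the statement to explain as a bind parameter."""
    try:
        conn.execute("EXPLAIN QUERY PLAN ?", ("SELECT fieldname FROM emp",))
        return True
    except sqlite3.OperationalError:
        # Placeholders stand for values, never for SQL text.
        return False

def explain(conn, key, params=()):
    """Return plan details for an allowlisted statement; reject anything else."""
    if key not in EXPLAINABLE:
        raise ValueError(f"statement {key!r} is not allowlisted")
    # Only constant text is concatenated; caller data travels as parameters.
    sql = "EXPLAIN QUERY PLAN " + EXPLAINABLE[key]
    return [row[-1] for row in conn.execute(sql, params)]

if __name__ == "__main__":
    db = make_demo_db()
    print(statement_text_is_bindable(db))
    print(explain(db, "emp_first_rows", ("a%",)))
```
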

Answers

All replies