Validation of a textbox to prevent quotation marks to be used

Question

3.00/5 (1 vote)

See more:

I am trying to prevent some basic sql injections to occur. I can't seem to prevent a textbox from having the single quote or double quotation marks inserted into it. How would I do this ?

Posted 23-Feb-12 6:15am

Member 8672028

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Varun Sareen · Answer 1 · 2012-02-23T06:25:00

Dear Friend,

Here you have to suppress the user on key press event for not entering the character that can lead to SQL injection error for this you have to follow the following steps:-

1).

private void txtCompanyPhone_KeyPress(object sender, KeyPressEventArgs e)
{
    objCommonMethods.isNumericWithHyphen(e);
}

2).

     internal void isNumericWithHyphen(KeyPressEventArgs e)
     {
       int asciiValue = Convert.ToInt32(e.KeyChar);
       if ((asciiValue >= 48 && asciiValue <= 57) || asciiValue==45 ||         asciiValue==127 || asciiValue==8)
          return;
    else
        e.Handled = true;
}

Here i have given you the example of allowing only numbers in the textbox and restricting rest other characters. You just need to modify accordingly the same method by using the ascii value of the characters you want to restrict and which to allow.

I hope this will help you out. Please don't forget to mark this as your answer if it really helps you out.

Thanks

OriginalGriff · Answer 2 · 2012-02-23T06:27:00

Don't bother.
It is more trouble than it is worth - you need to ban quotes, double quotes and (preferably) semicolon as well, but in pasted text as well as typed. You can do it in the TextBox.TextChanged event, but you are much, much better off using parametrized queries instead.

If you never concatenate strings, it doesn't matter what they type - and there are good reasons why quotes should be allowed - they are part of some names for example.

Validation of a textbox to prevent quotation marks to be used

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0