cjrancur

Can escape methods be used with PIOleDB and vb.net to prevent SQL injection attacks?

Discussion created by cjrancur on Jan 15, 2010

Take a look at the SQL injection entry on Wikipedia, under the heading "escaping". I'd like to avoid potential SQL injection attacks in my coding of OleDB with the PI server. If that can be done with PI OleDB, how could it be done? Does standard vb.net ADO include method objects that will perform the "escape" function? Are there functions included in PI OleDB to do this implicitly when the PI OleDB library is used, rather than requiring the person doing the coding to call the function explicitly?

 

Here's the Wikipedia link.

http://en.wikipedia.org/wiki/SQL_injection
