Error in SQL query when special characters used in password field

Question

I am using Visual Studio 2008 and Access 2013 as my database.

When I use special characters in a password field, my VB.Net code produces an SQL query error, especially when I am using a special char at the last chat.

For example, if I use jdjdj' as the password then an error occurs.

Normal passwords work. For example:

Admin123
123admin
123
admin

Where is the problem and how can I fix it?

yes, the tick will choke it (as well O'Brian. Use SQL Parameters — Ňɏssa Pøngjǣrdenlarp, Apr 07 '15 at 13:00
Just one more reason why you shouldn't store plaintext passwords in a database. — The Blue Dog, Apr 07 '15 at 13:11
I am storing password as plain text in access database. But error accurs in SQL statement when password end with special character like ' — Hansaj, Apr 08 '15 at 02:35

score 1 · Answer 1 · edited May 23 '17 at 12:28

1

You need to pass the password to the query as a parameter rather than concatenate it into the query string. It doesn't just stop issues like this, it's also to stop malicious users deliberately taking advantage of your shortcut, to easily gain access to the database. Check out How do I create a parameterized SQL query? Why Should I?

edited May 23 '17 at 12:28

Community

1
1

answered Apr 08 '15 at 08:54

James Decker

109
4

Error in SQL query when special characters used in password field

1 Answers1