0

How to save address of a person which is having (, ; ') etc into access database table via VB.Net?

as Access DBMS consider these characters (,;') as SQL Statements...

Md. Suman Kabir
  • 5,243
  • 5
  • 25
  • 43
Ihsanullah Khan
  • 19
  • 4
  • 3
    I’m sure it doesn’t. Access can handle strings just fine. I’m sure your code is broken and you’re not using parameters as you should. But since there’s no code shown we can’t help. – Sami Kuhmonen Oct 21 '17 at 08:39
  • Possible duplicate of https://stackoverflow.com/questions/4434669/vb-net-escape-reserved-keywords-in-sql-statement – Szymon Stepniak Oct 21 '17 at 08:44
  • 1
    If you cannot store strings with those characters in them that means you are vulnerable to [**SQL Injection**](https://en.wikipedia.org/wiki/SQL_injection). You've got to use a parameterized query to filter your input. – Visual Vincent Oct 21 '17 at 10:31
  • 3
    Possible duplicate of [How to create parameterized queries in vb.net?](https://stackoverflow.com/questions/1851341/how-to-create-parameterized-queries-in-vb-net) – Visual Vincent Oct 21 '17 at 10:34
  • Please show what you have tried to achieve this, then we can help you. – Md. Suman Kabir Oct 21 '17 at 11:04

1 Answers1

0

"Unfortunately, MS Access doesn't support typical operators that are traditionally used during SQL injection testing..."

https://www.owasp.org/index.php/Testing_for_MS_Access

wazz
  • 4,953
  • 5
  • 20
  • 34