Our application takes a user's name as input from the frontend, and sometimes the name has a single quote. So how do I pass the name entered to a stored procedure if the name contains a single quote (')?
We cannot pass a single quote (') directly to stored procedure input, as it may cause SQL injection.
Database Used: SQL Server 2008
Application: ASP.NET C# 4.0
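
One way to handle this with ADO.NET, shown as an added example that is not part of the original post: bind the name as a typed `SqlParameter` on a `CommandType.StoredProcedure` command, so the quote travels as data and needs no escaping. The procedure name `dbo.usp_SaveUserName`, the parameter `@UserName` and its `NVARCHAR(100)` length are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserNameExample
{
    // Hypothetical procedure name; substitute the real one.
    const string ProcName = "dbo.usp_SaveUserName";

    // Builds the command. The name is bound as a typed parameter, so it is sent
    // to SQL Server as an RPC argument (data), never spliced into SQL text.
    public static SqlCommand BuildCommand(string userName)
    {
        var cmd = new SqlCommand(ProcName);
        cmd.CommandType = CommandType.StoredProcedure;
        // Explicit type and length (assumed NVARCHAR(100)) so the parameter
        // matches the procedure's declaration instead of being inferred.
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 100).Value = userName;
        return cmd;
    }

    // Executes the procedure; the caller supplies the connection string.
    public static void Save(string connectionString, string userName)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(userName))
        {
            cmd.Connection = conn;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input containing a single quote.
        using (var cmd = BuildCommand("O'Brien"))
        {
            // The command text is only the procedure name; the quote lives
            // untouched in the parameter value, with no doubling or escaping.
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@UserName"].Value);
        }
    }
}
```

The quote becomes a risk again only if the procedure itself concatenates `@UserName` into dynamic SQL; in that case pass it on as a parameter to `sp_executesql` rather than building a string with it.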