Does this code prevent SQL injection?
In answer to your direct question: Does this code prevent SQL injection: No.

Here’s the proof – push this string through the PrepareString method:

    Dim input = "'" & Chr(8) & "; Drop Table TableName; - " & Chr(8) & "-"
    Dim output = PrepareString(input)

    Console.WriteLine(input)
    Console.WriteLine(output)

I modified the GetRecord method you posted to …