- Posted by Admin on February 11, 2009
These are the steps to avoid SQL injection in login forms:
1. Use RequiredFieldValidator controls for the username and password text boxes.
2. Use TextUsername.Text.Replace("'","`") on the value before using it in the SQL.
3. If possible, never include text box values directly in the SQL. Instead, retrieve the data with a data reader object and then compare it in code.
4. You can also use parameterized SQL when fetching records from the database.
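Steps 3 and 4 combined in one ASP.NET login check, as an added example that is not part of the original post: only the username reaches the database, as a typed parameter, and the stored credential is read back with a data reader and verified in code. It assumes a Users table with Username, PasswordSalt and PasswordHash columns, and that the hash was stored with the same PBKDF2 settings used here.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    const int Pbkdf2Iterations = 100000;   // assumed: same value used when the hash was stored
    const int HashLength = 32;              // assumed: length of the stored hash in bytes

    // Returns true only when the username exists and the supplied password
    // reproduces the stored hash. Both text-box values stay out of the SQL text.
    public static bool IsValidLogin(string connectionString, string username, string password)
    {
        // The text-box value is never concatenated into this string.
        const string sql = "SELECT PasswordSalt, PasswordHash FROM Users WHERE Username = @username";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed, length-bounded parameter: a quote, comment marker or semicolon
            // in the input is sent as data, not as SQL, so no Replace() is needed.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return false;               // unknown user: same result as a wrong password

                byte[] salt = (byte[])reader["PasswordSalt"];
                byte[] storedHash = (byte[])reader["PasswordHash"];

                // Recompute the hash from the submitted password and compare in code (step 3).
                var kdf = new Rfc2898DeriveBytes(password, salt, Pbkdf2Iterations);
                byte[] candidate = kdf.GetBytes(HashLength);

                return FixedTimeEquals(storedHash, candidate);
            }
        }
    }

    // Compare every byte so the time taken does not reveal where the mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```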