motorollin wrote:
@Speel
Do you mean like a stored procedure?
--
moto
:-?
I meant that only the server must generate SQL commands, and that text input from the client side should have a check for invalid characters. Furthermore, sending data to the server should be quite direct, and *preferably* encrypted.
For instance, download the tool "Wireshark", so you can (partially) test the vulnerability of your program.
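
The approach described in the post above, as an added example that is not part of the original thread: the client sends only a value, the server checks it against an allow-list, and the SQL text is fixed on the server with the value passed as a bound parameter. The `users` table, the function names and the allow-list pattern are assumptions made for this sketch, with Python's built-in `sqlite3` standing in for the real database.

```python
import re
import sqlite3

# Allow-list for the client-supplied field (assumed policy for this sketch).
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Build a constructed in-memory table standing in for the server's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def validate_name(raw):
    """Reject anything outside the allow-list instead of trying to strip characters."""
    if not isinstance(raw, str) or NAME_RE.fullmatch(raw) is None:
        raise ValueError("invalid characters in name")
    return raw


def lookup_unchecked(db, raw):
    """The SQL text is fixed on the server; the client value is only a bound parameter."""
    return db.execute("SELECT email FROM users WHERE name = ?", (raw,)).fetchall()


def lookup_email(db, raw):
    """Server-side entry point: validate first, then run the fixed statement."""
    return lookup_unchecked(db, validate_name(raw))


if __name__ == "__main__":
    db = make_db()
    print(lookup_email(db, "alice"))
    hostile = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    # Even without the character check, the bound parameter is compared as a
    # literal name, so the quote characters never become part of the statement.
    print(lookup_unchecked(db, hostile))
    try:
        lookup_email(db, hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The character check and the bound parameter are independent layers: the second one still holds if a field legitimately has to accept quotes or other punctuation.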