SQL Injection problem with DataAssist
For a site of mine I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' convert#int,convert#varchar,0x7b5d## \' AND ID= -1)' at line 1"
This happens when I use the following URL:
page.php?ID='+convert(int,convert(varchar,0x7b5d))+'
This shows that I'm prone to SQL Injection. How do I prevent this?
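
One way to prevent this, shown as an added example that is not part of the original post and is not DataAssist's own code: validate the ID as an integer and bind it as a query parameter instead of building it into the SQL text. The table `items`, its `title` column and both function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not DataAssist code. Table "items" and its columns are hypothetical.
// SQLite in memory stands in for MySQL so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE items (ID INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items (ID, title) VALUES (1, 'first'), (2, 'second')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function findItemUnsafe(PDO $pdo, string $rawId): ?array
{
    $sql = "SELECT ID, title FROM items WHERE ID = '" . $rawId . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: check the type first, then bind the value as a parameter.
function findItemSafe(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT ID, title FROM items WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed inputs: a normal ID, and the ID value from the URL in the post
// as PHP receives it (each '+' in a query string decodes to a space).
$inputs = ['2', "' convert(int,convert(varchar,0x7b5d)) '"];
foreach ($inputs as $raw) {
    try {
        $unsafe = json_encode(findItemUnsafe($pdo, $raw));
    } catch (PDOException $e) {
        $unsafe = 'SQL error: ' . $e->getMessage();
    }
    echo "input:  $raw\n";
    echo "unsafe: $unsafe\n";
    echo 'safe:   ' . json_encode(findItemSafe($pdo, $raw)) . "\n\n";
}
```

In production, log the database error server-side and show visitors a generic message, since the raw MySQL error text quoted above tells a visitor how the query is built.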