I have a form that is writing user info to a database.
My save function has this:
Some users are getting errors, and my testing indicates it has to do with unescaped quotes... Is there some function I can use to filter these text fields prior to running the save function here?
Should I use server.htmlencode, or is there a better recommendation? Thanks
No NO NO! This is not PHP. Your save function should use parameterized queries and NOT concat values. This is basic ADO.NET usage.
If you want something to use faster, try PetaPoco.
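The difference between the concatenated and the parameterized save, as an added example that is not code from the original thread. It assumes SQL Server via `System.Data.SqlClient`; the `Users` table, its `Name` and `Email` columns, the column sizes and the `UserStore` class are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserStore
{
    // Before: values concatenated into the statement text. A quote inside the
    // input ends the string literal early, so the statement no longer parses,
    // and whatever follows the quote is treated as SQL rather than data.
    public static string BuildConcatenatedSql(string name, string email)
    {
        return "INSERT INTO Users (Name, Email) VALUES ('" + name + "', '" + email + "')";
    }

    // After: the statement text is constant and the values travel separately
    // as typed parameters, so quotes in the input are stored as plain data.
    public static int SaveUser(string connectionString, string name, string email)
    {
        const string sql = "INSERT INTO Users (Name, Email) VALUES (@name, @email)";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size (assumed column definitions) avoid
            // per-call type inference and keep the query plan reusable.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value =
                (object)name ?? DBNull.Value;
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value =
                (object)email ?? DBNull.Value;

            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }

    public static void Main()
    {
        // Constructed sample input: a surname containing a single quote.
        Console.WriteLine(BuildConcatenatedSql("O'Brien", "ob@example.test"));
        // The printed text has an unbalanced quote after "O", which is the
        // error the form's users run into. SaveUser stores the same value
        // unchanged; calling it needs a reachable database, so it is not
        // invoked here.
    }
}
```

HTML encoding is an output-side control for rendering values into a page; it does not make a value safe to place in SQL text, and applying it before the save stores altered data.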