Here is an interesting problem to tackle with. Most of us are familier with SQL Injection. For those who are not Familier here is Short intro to it.
When you enter your data into a Login Form, suppose ID and Password, Following code comes into action.
"SELECT * FROM User_Master WHERE Username ='" + txtUsername.Text + "' and " + "Password ='" + txtPassword.Text + "'"
So If I Enter Following Inputs
Username = John
Password = John123
The Resulting SQL Querry becomes
SELECT * FROM User_Master WHERE Username ='John' and Password ='John123'
Suppose I Enter chatacter ' into Username, then let's see what happens.
SELECT * FROM User_Master WHERE Username ='' ' and Password ='John123'
Now, as you can see the clause Username = '' ' causes rest of the code to be neglected. The resulting Query Crashes.
So Let's Filter it out.
Suggestions are Welcome.
Have a nice day and Thanks in Advance.