selcukhan69
New Member
I am building a Web application and I want to allow users to insert records into a database. The method that I came across is to take the information from text boxes and run this code:

[code]
// Copy each text box value into the matching insert parameter
SqlDataSource1.InsertParameters["ProductCode"].DefaultValue = txtProductCode.Text;
SqlDataSource1.InsertParameters["Name"].DefaultValue = txtName.Text;
SqlDataSource1.InsertParameters["Version"].DefaultValue = txtVersion.Text;
SqlDataSource1.InsertParameters["ReleaseDate"].DefaultValue = txtReleaseDate.Text;
try
{
    SqlDataSource1.Insert();
}
...
[/code]

If I try to inject some SQL I get the error message:

[quote]Message: String or binary data would be truncated. The statement has been terminated.[/quote]

Does this method sanitise the parameters? I am having a hard time finding this information because I am not sure if there is still a way to get around this error. If it does not, how should I go about sanitising the inputs?

Additionally, the ReleaseDate parameter seems to be currently reading as dd/MM/yyyy, but is there a way to lock this so that the same code on a different system doesn't behave differently? I am worried that if the code is run on a system with different regional settings it will use a different format.
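An added example, not part of the original post: the same insert written with explicit ADO.NET parameters, so the values travel as data separate from the SQL text, and with ReleaseDate parsed against a fixed dd/MM/yyyy format and the invariant culture so regional settings on the server cannot change how it is read. The table name `Products`, the column types and lengths, and the `ProductInsert` class are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class ProductInsert
{
    // Assumed column lengths; replace with the sizes from the real table definition.
    const int CodeMax = 10, NameMax = 50, VersionMax = 10;

    // Fixed format plus invariant culture: "03/04/2013" is always 3 April,
    // whatever the regional settings of the machine running the code.
    public static bool TryParseReleaseDate(string text, out DateTime date)
    {
        return DateTime.TryParseExact(text, "dd/MM/yyyy", CultureInfo.InvariantCulture,
                                      DateTimeStyles.None, out date);
    }

    public static void Insert(string connStr, string code, string name,
                              string version, string releaseDateText)
    {
        DateTime releaseDate;
        if (!TryParseReleaseDate(releaseDateText, out releaseDate))
            throw new ArgumentException("ReleaseDate must be in dd/MM/yyyy format.");

        // Reject over-long input up front instead of letting the database raise
        // "String or binary data would be truncated".
        if (code.Length > CodeMax || name.Length > NameMax || version.Length > VersionMax)
            throw new ArgumentException("A field is longer than its column allows.");

        // Placeholders only; user input is never concatenated into the SQL text.
        const string sql =
            "INSERT INTO Products (ProductCode, Name, Version, ReleaseDate) " +
            "VALUES (@ProductCode, @Name, @Version, @ReleaseDate)";

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameters: the date is sent as a DateTime, not as a string.
            cmd.Parameters.Add("@ProductCode", SqlDbType.VarChar, CodeMax).Value = code;
            cmd.Parameters.Add("@Name", SqlDbType.VarChar, NameMax).Value = name;
            cmd.Parameters.Add("@Version", SqlDbType.VarChar, VersionMax).Value = version;
            cmd.Parameters.Add("@ReleaseDate", SqlDbType.DateTime).Value = releaseDate;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```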