Quotation error on SQL query
Hello,
I'm using a form program that connects to an Access DB. It works normally, but when I use " ' " in the SQL query, I get:
Syntax error in string in query expression 'na'me'.
I think this is an SQL injection problem, but I don't know how to solve it.
...
while (dongu < satir_sayisi)
{
    string query = "SELECT * FROM name WHERE name='" + str[dongu] + "\'";
    OleDbCommand komut = new OleDbCommand(query, conn);
    OleDbDataReader rdr; // ---> error on this line
    rdr = komut.ExecuteReader();
...
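An added example, not part of the original post: the same lookup written with an OleDb parameter, so a value such as na'me reaches the database as data instead of being concatenated into the query text. The class and method names, the connection string, the 255-character size and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

static class NameLookup
{
    // Hypothetical helper: returns how many rows match each input value.
    public static Dictionary<string, int> CountMatches(
        OleDbConnection conn, IEnumerable<string> names)
    {
        var result = new Dictionary<string, int>();

        // OleDb placeholders are positional '?' marks. The SQL text is fixed,
        // so a quote inside the value can no longer end the string literal.
        // Brackets make Access read [name] as an identifier in both places.
        const string sql = "SELECT * FROM [name] WHERE [name] = ?";

        using (var cmd = new OleDbCommand(sql, conn))
        {
            // The parameter name is ignored by OleDb (binding is by order);
            // it is given only for readability. Size 255 is an assumption.
            OleDbParameter p = cmd.Parameters.Add("@name", OleDbType.VarWChar, 255);

            foreach (string n in names)
            {
                p.Value = (object)n ?? DBNull.Value;
                int rows = 0;
                using (OleDbDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read()) rows++;
                }
                result[n ?? "(null)"] = rows;
            }
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample: placeholder database path and input values.
        string cs = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=sample.accdb";
        string[] inputs = { "name", "na'me", "O'Brien" };
        using (var conn = new OleDbConnection(cs))
        {
            conn.Open();
            foreach (var kv in CountMatches(conn, inputs))
                Console.WriteLine("{0} -> {1} row(s)", kv.Key, kv.Value);
        }
    }
}
```

Doubling the quote by hand (replacing ' with '') would also silence the syntax error, but it leaves the query built from string concatenation; the parameter removes that pattern entirely.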