Nope, nothing you can do on the server end. The server will only
accept syntactically correct SQL statements, and broken strings will
undermine that.
In practice, if you are careful to at least escape the quotes (i.e. '
--> \' ), you can avoid nasty SQL injection attacks, although some
statements m
Yes, there are plenty of smart ways to deal with this. Each of them
is somewhat dependent on whatever general purpose programming language
you are using and/or the environment you are working in.
In PHP we have mysql_escape_string() or PDO, in Perl and Java, among
others, prepared statements are