John - trying to protect against SQL injection by blacklisting possible
SQL reserved words is not a good approach for preventing SQL injection. The
proper way to deal with that is to not use string concatenation (using the
content of your text field) for your queries, and use prepared statements
to pass in the parameter values used in your queries. More at OWASP (
https://www.owasp.org/index.php/SQL_Injection).

Cheers - Alex K

On Wed, Jan 2, 2013 at 10:20 AM, John <j...@quivinco.com> wrote:

> Hi,
>
> Has anyone any knowledge of this topic? I'd like to ensure that any of my
> text input fields can block any use of SQL reserved words. Would a
> validator be a suitable approach?
>
> happy new year,
> John
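An added example (not from either message), using Python's sqlite3 module with constructed sample data: it contrasts the reserved-word blacklist John describes with the string-concatenated and parameterized queries Alex mentions, showing that the blacklist rejects legitimate input while concatenation breaks on an ordinary apostrophe.

```python
import sqlite3

# Constructed sample data for the demonstration (in-memory database).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    conn.executemany(
        "INSERT INTO users (name, city) VALUES (?, ?)",
        [("Alice", "Union City"), ("Bob", "O'Fallon"), ("Carol", "Dublin")],
    )
    conn.commit()
    return conn

# A small reserved-word blacklist of the kind a text-field validator might apply.
RESERVED = {"SELECT", "UNION", "DROP", "INSERT", "DELETE", "UPDATE", "FROM", "WHERE"}

def blacklist_rejects(text):
    """Keyword-blacklist validator: rejects any input containing a reserved word."""
    return any(tok.upper() in RESERVED for tok in text.split())

def find_by_city_concat(conn, city):
    """Vulnerable pattern: the field content is spliced into the SQL text itself."""
    sql = "SELECT name FROM users WHERE city = '" + city + "'"
    return [row[0] for row in conn.execute(sql)]

def find_by_city_param(conn, city):
    """Prepared/parameterized pattern: the driver binds the value, so it is data, never SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE city = ?", (city,))]

def demo():
    conn = make_db()
    results = {}
    # Legitimate data that a reserved-word blacklist wrongly blocks.
    results["blacklist_false_positives"] = [c for c in ("Union City", "O'Fallon", "Dublin")
                                            if blacklist_rejects(c)]
    # A plain apostrophe in legitimate data breaks the concatenated query...
    try:
        find_by_city_concat(conn, "O'Fallon")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # ...while the parameterized query simply matches the value.
    results["param_apostrophe"] = find_by_city_param(conn, "O'Fallon")
    results["param_union_city"] = find_by_city_param(conn, "Union City")
    return results
```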
