In the following example, is it possible to have an SQL injection attack?
To query some products, for example, the website returns the following link:
After this, the code queries some records to display:
Dim cat As String = Request.QueryString
Dim index As String = Request.QueryString
SqlStr = "Select name,price from products where idcat=" & cat & " and index= " & index
adapter = New SqlDataAdapter(SqlStr, conn)
How can I prevent it?
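
One way to prevent it, as an added example that is not part of the original post: bind both values as typed parameters so they are never concatenated into the SQL text. The helper name `LoadProducts`, the query-string keys `cat` and `index`, and the integer column types are assumptions, since the post does not show them.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module ProductQueries
    ' Hypothetical helper: runs the same query as the post, but with the two
    ' values bound as typed parameters instead of concatenated into the SQL text.
    ' Assumed call site (key names are not shown in the post):
    '   LoadProducts(conn, Request.QueryString("cat"), Request.QueryString("index"))
    Public Function LoadProducts(conn As SqlConnection,
                                 rawCat As String,
                                 rawIndex As String) As DataTable
        Dim catId As Integer
        Dim idx As Integer

        ' Reject anything that is not an integer before it reaches the database.
        ' Assumes idcat and index are integer columns.
        If Not Integer.TryParse(rawCat, catId) OrElse
           Not Integer.TryParse(rawIndex, idx) Then
            Throw New ArgumentException("idcat and index must be integers")
        End If

        ' The SQL text is a constant; user input only ever travels as parameter
        ' values. [index] is bracketed because INDEX is a reserved word in T-SQL.
        Const sql As String =
            "SELECT name, price FROM products WHERE idcat = @cat AND [index] = @idx"

        Dim table As New DataTable()
        Using cmd As New SqlCommand(sql, conn)
            cmd.Parameters.Add("@cat", SqlDbType.Int).Value = catId
            cmd.Parameters.Add("@idx", SqlDbType.Int).Value = idx
            Using adapter As New SqlDataAdapter(cmd)
                ' Fill opens and closes the connection itself if it is closed.
                adapter.Fill(table)
            End Using
        End Using
        Return table
    End Function
End Module
```

With this form, a value such as `1 OR 1=1` fails the integer check and never reaches the server, and even a value that passes is sent as data rather than parsed as SQL.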