How to correctly create Web Service with WHERE clause preventing injection?

Once you get your other issues worked out that don't pertain to your actual question, you just need to parameterize your input. So your query literal would become: "SELECT ID, ptMaster_ID, StrName, LngText, ShrtText, Lcode, Name FROM tblMasterStringPTS WHERE FileName = @FileName". I'm not sure exactly what your implementation is for retrieving your dataset, but I'm assuming you've got a SqlCommand object in there somewhere. To add the parameter, command.Parameters.Add(New SqlParameter("@FileName", FileName)) should be pretty close to what you need. And there you go, no SQL injection risk.
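
The parameterized query from the answer above, placed in a complete web method that returns a DataSet. This is an added example, not code from the question or the answer. The class name, method name, connection string, and the NVARCHAR(255) column type are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Services

' Hypothetical service class; only the table and column names come from the page.
Public Class StringService
    Inherits WebService

    ' Assumption: placeholder connection string. Load the real one from configuration.
    Private Const ConnStr As String =
        "Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=True"

    ' The SQL text is a constant. Caller input never becomes part of it.
    Private Const Sql As String =
        "SELECT ID, ptMaster_ID, StrName, LngText, ShrtText, Lcode, Name " &
        "FROM tblMasterStringPTS WHERE FileName = @FileName"

    <WebMethod()>
    Public Function GetStringsByFile(ByVal FileName As String) As DataSet
        ' Reject values that cannot match the column before touching the database.
        ' The 255 limit mirrors the assumed NVARCHAR(255) column size.
        If String.IsNullOrEmpty(FileName) OrElse FileName.Length > 255 Then
            Throw New ArgumentException("FileName is required (max 255 characters).")
        End If

        Dim result As New DataSet()
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(Sql, conn)
                ' The value travels to the server separately from the SQL text,
                ' so quotes or SQL keywords in it are compared as data, not parsed.
                ' Explicit type and size avoid type inference from the .NET value.
                cmd.Parameters.Add("@FileName", SqlDbType.NVarChar, 255).Value = FileName

                ' Fill opens and closes the connection itself.
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(result, "tblMasterStringPTS")
                End Using
            End Using
        End Using
        Return result
    End Function
End Class
```

The account behind the connection string should hold only SELECT permission on tblMasterStringPTS, so a flaw elsewhere in the service cannot be turned into writes.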
