Since search criteria for my website comes from the user, is there a (Classic) ADO method that tests for SQL injections?
Since there's really no difference in the techniques used to test a database for security vulnerabilities and exploiting a database using security vulnerabilities, a public discussion of this topic is discouraged here.
"Lisa, in this house, we obey the laws of thermodynamics!" - Homer Simpson
"I have my standards. They may be low, but I have them!" - Bette Middler
"It's a book about a Spanish guy named Manual. You should read it." - Dilbert
no not directly. you have to do it as a developer. One way to help prevent SQL Injections is to use parameters instead of creating your SQL string on the fly.
Other than that some common things to do is replace a single quote with double quote, filter out things like '--' which is a comment in SQL Server, and ignore things like 'xp_' or 'sp_' which can be used to call system stored procedures.