This is a classic problem and gets worst with any attempt to check for SQL injection. Frankly, I do not have a specific solution as it depends on the search data. In most cases I suggest using a lookup table where possible and then use a corresponding value to select the record. This not the best for large data sets.

If you could describe the data being requested in the Search, then I could possibly. One possibility would be to pass an alternate character string (%34;) and then handle that character sequence in your OPENQUERY Function. Still it's a kluge.

Paul.

The issue is not really related to SQLGridSelectedView or DotNetNuke. This issue is between the Web and the MS-SQL. So there is no real answer for the best solution - one fix for all. You need to develop your own solution based on what level of security you need to maintain based on your audience.

The present of the single quote in a textbox being passed to query can just be data, or the indication of a SQL Injection attack.

You could disable the Check for SQL Injection, disable data entry checking, then pass the data into a store prodecure to verify it's data not an attack, then process accodingly.

Beware however, more and more companies are having site validated by third parties and SQL Injection attack is the very first series of test that will be applied. I've been there and watch for 16 hours as my site was systemically attacked - every data entry field was attacked repeatedly with several varitions of the well known attacks "vectors". DotNetNuke came through - and I had only a few minor issues regarding parameter passing in a IFrame. Not I do not allow single quoted character data into my site for search data. I replace it with a different character - but that's just me.

Paul.