Okay, my boss asked me to figure this one out. Keep in mind I know nothing of databases or SQL.

They're writing an app that does something for contractors..handling work orders and such. Well, the find feature allows them to enter a binary operator (AND OR NOR etc) a string (address maybe), and a logical operator (= < > !=).

This string is then all put together with a SQL command or something, and passed to the server. He wants to make sure that someone can't enter SQL commands in the text box and 'drop a table' or something. He wants me to find out how to safeguard against that.

Any ideas?