Hi,
Thank you for the reply. I am using a function to avoid injection like ColorC=Sqlinj(Request.QueryString("Color")) that removes the harmful statements.
I am not very good at coding. Can you please write the statements in detail to solve the problem mentioned above.
Thanks
I am using SQL Server 2005.