• Sean Lange (9/25/2013)


    It was me who has repeatedly told you over the last few days that you need to parameterize your dynamic SQL. I have posted the same link to the same article that Gail posted (she is the author of that fantastic piece of work, btw). Please take the time to read it. You said you have read it, but you keep posting code that is vulnerable to SQL injection.

    I even showed you a code example of how dangerous injection can be. Do yourself and your company a favor and stop using dynamic SQL without parameters.

    Thank you Sean 🙂

    OK Sean, I will do that. I'm new to SQL and VB.NET, and you all enlighten me with very, very, very good, excellent answers. Hoping to learn more from you 🙂