Luis Cazares (5/9/2014)
What would happen if someone sets the value of ZoneName to
'; DELETE TABLE IPPOOL;
Don't try this on a production environment.
You might want to read about SQL Injection to prevent this and remember to use only parametrized queries. 😉
You beat me to it! I was just going to suggest using the SqlParameter class instead of a direct string build. Same reason: injection nightmare