Forum Replies Created

Viewing post 1 (of 2 total)

  • RE: Updated SQL Injection

    I thing that this good practice to use parameters.

    Something like that:

    string strSql = "UPDATE SET [A] = @A";

    System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand(strSql,oSqlConnection);

    command.CommandType = CommandType.Text;

    command.Parameters.Add("@A", SqlDbType.string);

    command.Parameters["@A"].Value = strA;

    command.ExecuteNonQuery();

    is much better...

    March 21, 2008 at 7:15 am

    #792418

Viewing post 1 (of 2 total)