|
Παρουσίαση με Ετικέτες
Όλες οι Ετικέτε... » Parameters (RSS)
-
Microsoft is suggesting to always use Named parameters with SqlCommands for security reasons (to avoid SQL injection exploits), but they haven’t thought of providing a property at SqlCommand to give you back the result SQL so that you can have your app log it without resorting to SQL Server for that logging. Found a solution […]
-
table: users
userid: int
name: varchar(10)
SqlCommand sqlCommandCheck = new SqlCommand(''SELECT * FROM users WHERE userid=@ParameterUserID AND name='@ParameterName' '', matchSqlConnection);sqlCommandCheck.Parameters.AddWithValue(''@ParameterUserID'', userid);sqlCommandCheck.Parameters.AddWithValue(''@ParameterName'', name);SqlDataReader ...
|
|
|