Why you can do "SqlConnection con = new SqlConnection(cn.ConnectionString)" injection?


hi friends.

my english bad.... :p

in work friends say: in sqlconnection conn = new sqlconnection(); can sql injection. question is: true or not? why? , correcto form?

thanks answers.

chargoy

no. creating sqlconnection object cannot attacked sql injection. when pass parameterized query directly sqlcommand without using sqlparameters. below blog has explanation on it. http://www.codeproject.com/tips/492403/preventing-sql-injection-in-ado-net hope helps.

please mark post answer if solved problem. happy programming!



Visual Studio Languages  ,  .NET Framework  >  Visual C#



Comments

Post a Comment

Popular posts from this blog

Azure DocumentDB Owner resource does not exist

having same error microsoft.azure.documents.documentclientexception: message: {"errors":["owner resource not exist"]} , scenario. when deployed webapp azure , try document docdb throws error. docdb exists in azure , contains document looking for. weird local machine(running vs) works fine. i'm using same settings in azure , local. have , idea this. thanks Microsoft Azure  >  Azure Cosmos DB
Read more

How to Share webservice object to all user

dear all,            how share webservice object user. in pageload i have created webservice object in pages.so performance level go down.            shall create application level mean it's possible share object in user?             if 1 ,it occur deadlock or anyother problem?             or else how share webservice object user.             please me.... advance you. regards, santhosh you can use application object. if updating application object, can use  application.lock(); , then  application.unlock(); thanks, nishanth mohan visit places in london free!!! a large collection of english / hindi / malayalam / tamil sms messages a large collection of english / hindi / malayalam / tamil s...
Read more

How to fix error Msg 1801, Level 16, State 3, Line 1

msg 1801, level 16, state 3, line 1 hi needknowledge.me, >> msg 1801, level 16, state 3, line 1 did want do?  ramjaddu mentioned, might database existed already. assuming want create tables in existing database, please follow steps below: open ssms, , click "new query" (top left, underneath file). choose database you're working with, , you're off races. if need create table syntax, you'll find here . i suspect try reattach database ssms steps (click databases >> right click >>attach) or using t-sql statements. might attaching file using database name exists.  , also, it's possible database file corrupted. here thread same error message yours, please refer thread. http://social.msdn.microsoft.com/forums/eu/sqlsetupandupgrade/thread/cd4caa28-04a6-43f4-b16d-b519fbb070c6 regards, amber zhang SQL Server ...
Read more