SQL Injection?

Guest

Will the code below protect me from SQL injection in an ASP.Net page?
Imports System.Data.SqlClient
' connectionString is assumed to hold your own SQL Server connection string
Dim conn As New SqlConnection(connectionString)
Dim cmd As New SqlCommand("select salary from employee where name=@name", conn)
Dim prm As SqlParameter
Dim salary As String
' The value travels as a parameter, so it is never spliced into the SQL text
prm = New SqlParameter("@name", name.Text)
cmd.Parameters.Add(prm)
conn.Open()
' ExecuteScalar returns the first column of the first row; ExecuteNonQuery only returns an affected-row count
salary = Convert.ToString(cmd.ExecuteScalar())
conn.Close()
 
Yes, and it will protect you from all sorts of other problems like Irish surnames. Definitely the preferred way to do this.
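The surname point in the reply, as an added illustration that is not code from the thread: the same salary lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. Python's sqlite3 `?` placeholder plays the role of the ADO.NET `@name` SqlParameter; the employee names and salaries are made up for the demonstration.

```python
import sqlite3

# Constructed sample rows standing in for the thread's employee table.
EMPLOYEES = [("Smith", 50000), ("O'Brien", 62000)]


def make_db():
    """Build an in-memory employee(name, salary) table with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?)", EMPLOYEES)
    return conn


def salary_concatenated(conn, name):
    """The pattern parameterisation replaces: the value is spliced into the SQL
    text, so an apostrophe in the data changes the statement itself."""
    sql = "select salary from employee where name='" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def salary_parameterised(conn, name):
    """Equivalent of the thread's SqlParameter approach: the SQL text is fixed
    and the driver sends the value separately, so quotes in the data stay data."""
    sql = "select salary from employee where name=?"
    row = conn.execute(sql, (name,)).fetchone()
    return row[0] if row else None


def compare(name):
    """Return (concatenated_result, parameterised_result). A statement the
    database refuses to parse is reported as the exception class name."""
    conn = make_db()
    try:
        concat = salary_concatenated(conn, name)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    param = salary_parameterised(conn, name)
    conn.close()
    return concat, param


if __name__ == "__main__":
    for who in ("Smith", "O'Brien"):
        print(who, compare(who))
```

For "Smith" both variants agree; for "O'Brien" the concatenated statement fails to parse while the parameterised one returns the salary, which is exactly the class of bug that also leaves room for injection.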