Assuming you intend to set the parameter via code, it helps to know that the SqlParameter class has some built-in validation directed towards SQL injection, but Steve's warning still holds. In a high-security scenario, no amount of validation can be termed "sufficient", but you can surely put in measures that will help you sleep soundly at night (or day, depending on your inclination).
On May 10, 5:03 am, Davej <[email protected]> wrote:
> SELECT *
> FROM EMPLOYEE
> WHERE LastName = @LastName;
>
> On May 2, 2:34 am, Cerebrus <[email protected]> wrote:
> >
> > > Define "parameterized string".
> >
> > > On Apr 29, 9:58 pm, Davej <[email protected]> wrote:
> >
> > > > Can parameterized strings still be vulnerable to SQL injection?
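
Added example, not part of the original thread or written by its participants: the quoted query run once with the input concatenated into the SQL text and once with it bound as a parameter, plus the one place a bound parameter cannot help (an identifier such as a sort column). It assumes Python's `sqlite3` with `:LastName` standing in for ADO.NET's `@LastName` and `SqlParameter`; the `Salary` column, the rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; only EMPLOYEE and LastName come from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EMPLOYEE (LastName TEXT, Salary INTEGER)")
    db.executemany("INSERT INTO EMPLOYEE VALUES (?, ?)",
                   [("Smith", 50000), ("Jones", 60000), ("O'Brien", 70000)])
    return db

def find_concatenated(db, last_name):
    # 'Before' form: the input becomes part of the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT * FROM EMPLOYEE WHERE LastName = '" + last_name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, last_name):
    # The statement text is fixed; the value travels separately and is
    # only ever compared as data.
    sql = "SELECT * FROM EMPLOYEE WHERE LastName = :LastName"
    return db.execute(sql, {"LastName": last_name}).fetchall()

ALLOWED_SORT = {"LastName", "Salary"}

def find_sorted(db, last_name, sort_column):
    # Column names cannot be bound as parameters, so this part of the
    # text is still built from input. Accept only known identifiers.
    if sort_column not in ALLOWED_SORT:
        raise ValueError("unexpected sort column: %r" % sort_column)
    sql = ("SELECT * FROM EMPLOYEE WHERE LastName = :LastName "
           "ORDER BY " + sort_column)
    return db.execute(sql, {"LastName": last_name}).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed test input
    print("concatenated :", find_concatenated(db, hostile))
    print("parameterized:", find_parameterized(db, hostile))
    print("O'Brien      :", find_parameterized(db, "O'Brien"))
    try:
        find_sorted(db, "Smith", "Salary; DROP TABLE EMPLOYEE")
    except ValueError as exc:
        print("rejected     :", exc)
```

The same split applies in ADO.NET: values go through parameters, and any part of the statement that cannot be a parameter is checked against a fixed list before it reaches the SQL text.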
