[Question] Visual Studio: SqlDatabaseSource -v- NHiberate/Mapping - Page 2 - boards.ie
28-03-2012, 23:10   #16
Gavin "shels"
Cheers Procasinator, I'm a little confused as to what the parameters are actually doing and how are they making the SQL more secure?
28-03-2012, 23:25   #17
mewso
It's to do with SQL injection. If your user enters something into an input on your form like "''; delete from table1" and you don't use parameters, just append what they have entered to your SQL, then all rows in your table will be deleted:-

"select a, b, c from table where name = " & nameInput.Text

will result in a sql statement like this:-

select a, b, c from table where name = ''; delete from table1

Using parameters avoids this completely.
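The difference described in the reply above, as an added example that is not part of the original post. It uses Python's built-in sqlite3 in place of the thread's .NET data access; the `people` table, its columns and the function names are assumptions made for the demo, and `executescript` stands in for a driver that accepts several statements in one command.

```python
import sqlite3

PAYLOAD = "''; delete from table1"  # the input string quoted in the post


def make_db():
    # Constructed sample data (assumed schema, in-memory only).
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE people (name TEXT, a INTEGER);"
        "CREATE TABLE table1 (id INTEGER);"
        "INSERT INTO people VALUES ('alice', 1), ('bob', 2);"
        "INSERT INTO table1 VALUES (1), (2), (3);"
    )
    return db


def rows_left(db):
    return db.execute("SELECT COUNT(*) FROM table1").fetchone()[0]


def lookup_concatenated(db, name_input):
    # Mirrors the post: the user's text becomes part of the SQL text itself,
    # so a ';' in the input starts a second statement.
    sql = "SELECT a FROM people WHERE name = " + name_input
    db.executescript(sql)  # runs every statement found in the string
    return sql


def lookup_parameterized(db, name_input):
    # The input is bound as a value. The statement text is fixed, so the
    # input is only ever compared against the name column.
    cur = db.execute("SELECT a FROM people WHERE name = ?", (name_input,))
    return cur.fetchall()


def demo():
    db = make_db()
    matches = lookup_parameterized(db, PAYLOAD)   # no such name, no rows
    after_param = rows_left(db)                   # table1 untouched
    lookup_concatenated(db, PAYLOAD)
    after_concat = rows_left(db)                  # table1 emptied
    return matches, after_param, after_concat


if __name__ == "__main__":
    print(demo())
```

With the parameter, the whole input string is treated as a name to search for, which is why the lookup returns no rows and nothing else runs.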