I have the following function; it seems that it is vulnerable to SQL injection. What do I have to add to the code to avoid it?
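/// <summary>
/// Opens a connection, executes <paramref name="command"/> with the given parameters bound,
/// and returns the open reader together with its connection wrapped in a <see cref="Sql"/>.
/// </summary>
/// <param name="command">
/// The SQL text to execute. This must be a fixed statement written by the developer; every
/// value that originates from a user, a request or a file is passed through
/// <paramref name="parameters"/> as a <see cref="SqlParameter"/> and referenced in the text
/// by name (for example <c>WHERE Id = @id</c>). Concatenating or interpolating untrusted
/// input into this string is what makes the call injectable — the parameter list cannot
/// protect a command whose text already contains the untrusted value.
/// </param>
/// <param name="parameters">Optional parameters to bind; null (or empty) binds nothing.</param>
/// <returns>
/// A <see cref="Sql"/> that owns the still-open connection and reader; the caller is
/// responsible for disposing it.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="command"/> is null or blank.</exception>
public static Sql ExecuteSqlCommand(string command, List<SqlParameter> parameters = null)
{
    if (string.IsNullOrWhiteSpace(command))
    {
        throw new ArgumentException("SQL command text is required.", nameof(command));
    }

    var sqlConnection = new SqlConnection(GetSQLConnectionString());
    try
    {
        sqlConnection.Open();
        SqlDataReader reader;
        using (var sqlCommand = new SqlCommand(command, sqlConnection))
        {
            if (parameters != null)
            {
                foreach (var param in parameters)
                {
                    sqlCommand.Parameters.Add(param);
                }
            }

            // The reader outlives the command object; the connection is handed to Sql
            // alongside it so the caller can release both together.
            reader = sqlCommand.ExecuteReader();
        }

        return new Sql(sqlConnection, reader);
    }
    catch
    {
        // Open() or ExecuteReader() failed before the connection was handed out,
        // so release it here rather than leaking it until finalization.
        sqlConnection.Dispose();
        throw;
    }
}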
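/// <summary>
/// Opens a connection, executes <paramref name="command"/> with the given parameters bound,
/// and returns the open reader together with its connection wrapped in a <see cref="Sql"/>.
/// </summary>
/// <param name="command">
/// The SQL text to execute. This must be a fixed statement written by the developer; every
/// value that originates from a user, a request or a file is passed through
/// <paramref name="parameters"/> as a <see cref="SqlParameter"/> and referenced in the text
/// by name (for example <c>WHERE Id = @id</c>). Concatenating or interpolating untrusted
/// input into this string is what makes the call injectable — the parameter list cannot
/// protect a command whose text already contains the untrusted value.
/// </param>
/// <param name="parameters">Optional parameters to bind; null (or empty) binds nothing.</param>
/// <returns>
/// A <see cref="Sql"/> that owns the still-open connection and reader; the caller is
/// responsible for disposing it.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="command"/> is null or blank.</exception>
public static Sql ExecuteSqlCommand(string command, List<SqlParameter> parameters = null)
{
    if (string.IsNullOrWhiteSpace(command))
    {
        throw new ArgumentException("SQL command text is required.", nameof(command));
    }

    var sqlConnection = new SqlConnection(GetSQLConnectionString());
    try
    {
        sqlConnection.Open();
        SqlDataReader reader;
        using (var sqlCommand = new SqlCommand(command, sqlConnection))
        {
            if (parameters != null)
            {
                foreach (var param in parameters)
                {
                    sqlCommand.Parameters.Add(param);
                }
            }

            // The reader outlives the command object; the connection is handed to Sql
            // alongside it so the caller can release both together.
            reader = sqlCommand.ExecuteReader();
        }

        return new Sql(sqlConnection, reader);
    }
    catch
    {
        // Open() or ExecuteReader() failed before the connection was handed out,
        // so release it here rather than leaking it until finalization.
        sqlConnection.Dispose();
        throw;
    }
}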