SQL, Between dates and SQL Injection
Posted on 2007-12-04
I'm attempting to build a Select statement from my database to fill a Gridview. I want it to pull the results from within the past 14 days. I've got this working by doing the following:
I have a label, with visibility set to false on the page. On page load, I have it populate the label's text with today's date in MM/DD/YYYY format. I then use the following in my where clause:
AND (Labor.LaborDate BETWEEN DATEADD(d, - 14, @Today) AND @Today)
@Today is obviously a control parameter that ties back to my label that stores the date.
Okay, now to my question - while researching how to effectively use between, I saw a lot of warnings about using dynamic SQL statements, because of SQL Injection attacks. My understanding is this would be the case if I was taking this value from a text box, rather than an un-editable label that is also never visible. Is this correct? Or would my current setup leave me open to SQL injection attacks?
Thanks in advance for your advice,
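
An added example, not part of the original post: the WHERE clause from the question run on SQL Server with @Today bound as a parameter, next to the same statement built by string concatenation, and a variant that takes the date from the server instead of the page. The #Labor temp table, its rows, the LaborId column and the input strings are constructed sample data.

```sql
-- Added example (T-SQL). #Labor and its rows are constructed sample data.
SET DATEFORMAT mdy;
CREATE TABLE #Labor (LaborId int PRIMARY KEY, LaborDate datetime NOT NULL);
INSERT INTO #Labor VALUES (1, '20071201');
INSERT INTO #Labor VALUES (2, '20071120');
INSERT INTO #Labor VALUES (3, '20071101');

DECLARE @sql nvarchar(500), @input nvarchar(100);

-- 1) Parameterized: the statement text is fixed and @Today travels separately
--    as a value, which is what a control parameter does.
SET @sql = N'SELECT LaborId, LaborDate FROM #Labor
             WHERE LaborDate BETWEEN DATEADD(d, -14, @Today) AND @Today';

SET @input = N'12/04/2007';                 -- well-formed date string
EXEC sp_executesql @sql, N'@Today nvarchar(100)', @Today = @input;

SET @input = N'12/04/2007'' OR 1=1 --';     -- constructed tampered value
BEGIN TRY
    -- The value is only ever converted to a date; it is never parsed as SQL.
    EXEC sp_executesql @sql, N'@Today nvarchar(100)', @Today = @input;
END TRY
BEGIN CATCH
    PRINT 'Rejected as data: ' + ERROR_MESSAGE();
END CATCH;

-- 2) Concatenated (the pattern the warnings are about): the same value is
--    pasted into the statement text. Printed here, not executed.
SET @sql = N'SELECT LaborId, LaborDate FROM #Labor'
         + N' WHERE LaborDate BETWEEN DATEADD(d, -14, ''' + @input
         + N''') AND ''' + @input + N'''';
PRINT @sql;

-- 3) Server-side date: nothing from the page reaches the query at all.
SELECT LaborId, LaborDate FROM #Labor
WHERE LaborDate BETWEEN DATEADD(d, -14, GETDATE()) AND GETDATE();

DROP TABLE #Labor;
```

What separates the first form from the second is how the value reaches the statement, not whether the control holding it is visible or editable on the page.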