andrewmilner
asked on
C#: How does a SqlCommand Parameterized Query Prevent SQL Injection
As title.
I am building an SQL Command like:

using System.Data.SqlClient;

SqlCommand cmd = new SqlCommand("Delete from Customers where CustomerID = @CustomerID");
cmd.Parameters.AddWithValue("@CustomerID", CustomerID);

How does this actually prevent SQL Injection?
If CustomerID was a string and a user entered "BobsCustomerID; drop table Customers" how is this not a risk with a parameterized query?
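The following is an added example, not part of the question or any answer on this page. It shows the mechanism behind the poster's question: a parameterized command sends the SQL text with a placeholder and the value separately, the database compiles the fixed text first, and the value is bound afterwards as data, so a quote or semicolon inside it is compared against CustomerID rather than parsed as SQL. (With SqlClient against SQL Server the command is sent as an sp_executesql RPC call with typed parameter values; the text and the values never get concatenated on either side.) The example uses Python's sqlite3 so it runs stand-alone; the Customers table, its rows and the two payload strings are constructed here. The "vulnerable" function uses executescript() so that, like SQL Server, the database accepts a batch of statements; sqlite3's plain execute() would refuse the second statement, which is a driver quirk and not a defence.

```python
import sqlite3

# Constructed sample data; assumed schema, not from the question.
CUSTOMERS = [
    ("BobsCustomerID", "Bob"),
    ("AlicesCustomerID", "Alice"),
    ("CarolsCustomerID", "Carol"),
]


def make_db():
    """Fresh in-memory database with a Customers table and three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (CustomerID TEXT PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?)", CUSTOMERS)
    conn.commit()
    return conn


def remaining_ids(conn):
    """Sorted CustomerIDs still present, or None if the table itself is gone."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'Customers'"
    ).fetchone()
    if row is None:
        return None
    return sorted(r[0] for r in conn.execute("SELECT CustomerID FROM Customers"))


def delete_concatenated(conn, customer_id):
    """VULNERABLE: the value is spliced into the SQL text, so the parser reads it as SQL.

    executescript() makes the database accept a batch of statements, as SQL Server
    does with the text a SqlCommand sends it.
    """
    sql = "DELETE FROM Customers WHERE CustomerID = '" + customer_id + "'"
    conn.executescript(sql)
    conn.commit()
    return remaining_ids(conn)


def delete_parameterized(conn, customer_id):
    """SAFE: the SQL text is fixed and compiled with a placeholder; the value is
    bound afterwards as data and cannot change the statement's structure."""
    conn.execute("DELETE FROM Customers WHERE CustomerID = ?", (customer_id,))
    conn.commit()
    return remaining_ids(conn)


# The payload from the question, with the closing quote and trailing comment an
# attacker would add so the text stays syntactically valid after concatenation.
STACKED_PAYLOAD = "BobsCustomerID'; DROP TABLE Customers; --"
# A payload that rewrites the WHERE clause instead of adding a statement.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"


if __name__ == "__main__":
    print("concatenated, stacked:   ", delete_concatenated(make_db(), STACKED_PAYLOAD))
    print("concatenated, tautology: ", delete_concatenated(make_db(), TAUTOLOGY_PAYLOAD))
    print("parameterized, stacked:  ", delete_parameterized(make_db(), STACKED_PAYLOAD))
    print("parameterized, legit:    ", delete_parameterized(make_db(), "BobsCustomerID"))
```

With concatenation the stacked payload drops the table and the tautology payload deletes every row; with the placeholder both payloads delete nothing, because no row has a CustomerID equal to that literal string, while a genuine ID still deletes exactly its row. Two caveats for the C# side: parameters protect values only, so a table or column name that varies at runtime still has to be validated against an allow-list rather than concatenated; and AddWithValue infers the SQL type from the .NET value, so Parameters.Add with an explicit SqlDbType and size is the safer habit where the column type matters.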