- Is this safe from SQL injection?
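/// <summary>
/// Builds the "next page of Items after a start point" query that the original
/// assembled by string concatenation, without letting caller-supplied text reach
/// the SQL.
/// </summary>
/// <remarks>
/// SQL Server cannot bind identifiers (the column used in WHERE / ORDER BY) as
/// parameters, so the column name is checked against a fixed allow-list instead
/// of being spliced in from <c>filter.ToString()</c>. The two values that can be
/// parameters (the TOP count and the start point) are referenced as
/// <c>@numItemsToGet</c> and <c>@nextStartPoint</c>; the caller binds them, e.g.
/// <c>cmd.Parameters.AddWithValue("@numItemsToGet", numItemsToGet);</c> and
/// <c>cmd.Parameters.AddWithValue("@nextStartPoint", nextStartPoint);</c>.
/// </remarks>
public static class ItemsQueries
{
    // Columns the caller may page on. Taken from the Items queries on this page;
    // extend the list when the table gains another pageable column.
    private static readonly string[] AllowedFilterColumns = { "ColumnA", "ColumnB", "ColumnC" };

    /// <summary>
    /// Returns the SELECT for the next page of <c>Items</c>, filtered and ordered
    /// (descending) on <paramref name="filterColumn"/>, with the row count and the
    /// start point left as parameters.
    /// </summary>
    /// <param name="filterColumn">Column to filter and order on; must be one of the allow-listed columns (exact, case-sensitive match).</param>
    /// <returns>SQL text that references <c>@numItemsToGet</c> and <c>@nextStartPoint</c>.</returns>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <paramref name="filterColumn"/> is not in the allow-list. This is the injection
    /// guard, so it is deliberately an exception rather than a silent fallback.
    /// </exception>
    public static string BuildPagedItemsQuery(string filterColumn)
    {
        // Array.IndexOf on strings uses ordinal equality, so no culture surprises.
        if (Array.IndexOf(AllowedFilterColumns, filterColumn) < 0)
        {
            throw new ArgumentOutOfRangeException("filterColumn", "Not an allowed Items column.");
        }

        // Bracket-quoting is belt-and-braces: the name is already allow-listed, but it
        // also keeps a future allow-listed name containing a space or keyword valid.
        string column = "[" + filterColumn + "]";
        return "SELECT TOP(@numItemsToGet) * FROM Items WHERE " + column +
               " > @nextStartPoint ORDER BY " + column + " DESC";
    }
}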
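-- Next page of Items after the caller's start point(s): one parameter per
-- pageable column, NULL meaning "no start point on this column".
-- TOP (@n) replaces SET ROWCOUNT: ROWCOUNT is a session setting that stays in
-- force for every later statement until reset, whereas TOP is scoped to this
-- one query.
select top (@numItemsToGet) *
from Items
where
    (
        @ColumnANextStartPoint is null
        or ColumnA > @ColumnANextStartPoint
    ) and (
        @ColumnBNextStartPoint is null
        or ColumnB > @ColumnBNextStartPoint
    ) and (
        @ColumnCNextStartPoint is null
        or ColumnC > @ColumnCNextStartPoint
    )
order by
    -- "case @p when null then ..." never matches, because the simple CASE form
    -- tests @p = NULL, which is never true; the original therefore always sorted
    -- by all three columns regardless of the parameters. The searched form
    -- below ("case when @p is null") expresses the intent.
    case when @ColumnANextStartPoint is null then null else ColumnA end desc,
    case when @ColumnBNextStartPoint is null then null else ColumnB end desc,
    case when @ColumnCNextStartPoint is null then null else ColumnC end desc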
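// Looks up the account number for a username/password pair. Both inputs are
// bound as parameters, so the SQL text never contains caller-supplied text.
// The using-blocks dispose the connection and command even when Open() or
// ExecuteScalar() throws; the original only called Close() on the success
// path, so a failing query left the connection open until finalization.
object accountNumber;
using (SqlConnection someConnection = new SqlConnection(connection))
using (SqlCommand someCommand = someConnection.CreateCommand())
{
    // NChar with no explicit size infers it from the value; the SqlDbType and
    // size should match the Users columns. NOTE(review): confirm against schema.
    someCommand.Parameters.Add("@username", SqlDbType.NChar).Value = name;
    someCommand.Parameters.Add("@password", SqlDbType.NChar).Value = password;
    // NOTE(review): this compares the password inside SQL, which only works if
    // Users holds it in a directly comparable form. The usual mitigation is to
    // store a salted hash (PBKDF2 / Argon2), select it by username alone, and
    // verify in code with a constant-time comparison.
    someCommand.CommandText = "SELECT AccountNumber FROM Users " +
        "WHERE Username=@username AND Password=@password";
    someConnection.Open();
    // ExecuteScalar returns null when no row matched.
    accountNumber = someCommand.ExecuteScalar();
}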