Reply 1
Indeed, as a developer you should never take any user input and place it verbatim into the 'where' string. 

Instead, you construct your where clause with ordinal parameters (@0, @1, etc.).
Then pass the actual parameter values into the parameter list of the Paged and other methods.
(This is why there is a separate parameter list in the first place.)

Hope this helps.

Jack Poorte, Jul 08, 2014
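The pattern in the reply above, as an added example that is not part of the original post or of the Data & Object Factory code base: a hypothetical `paged` helper takes a developer-written where string that contains only placeholders plus a separate parameter list, and the contrast with splicing user input into the string is shown on constructed sample rows. The reply's framework is .NET and uses `@0`, `@1` ordinals; this example uses Python's sqlite3 positional `?` placeholders, which are bound by position in the same way.

```python
import sqlite3

# Constructed sample data for this example; not from the original post.
SAMPLE_USERS = [
    (1, "alice", "active"),
    (2, "bob", "active"),
    (3, "carol", "disabled"),
    (4, "dave", "active"),
]


def open_sample_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def paged(conn, where, params, page, page_size):
    """Hypothetical Paged-style query (an assumption, not a real API).

    `where` is developer-authored text that contains only placeholders;
    every user-supplied value arrives in `params`, which the driver binds
    by position (the SQLite counterpart of @0, @1, ...). Paging values are
    bound the same way instead of being formatted into the SQL text.
    """
    sql = f"SELECT id, name, status FROM users WHERE {where} ORDER BY id LIMIT ? OFFSET ?"
    return conn.execute(sql, (*params, page_size, (page - 1) * page_size)).fetchall()


def names_unsafe(user_input):
    """Anti-pattern: the user's value is spliced verbatim into the where string."""
    conn = open_sample_db()
    where = f"status = 'active' AND name = '{user_input}'"
    return [row[1] for row in paged(conn, where, (), 1, 10)]


def names_safe(user_input):
    """Correct pattern: placeholders in the where string, values in the list."""
    conn = open_sample_db()
    where = "status = ? AND name = ?"
    return [row[1] for row in paged(conn, where, ("active", user_input), 1, 10)]


if __name__ == "__main__":
    benign = "alice"
    hostile = "x' OR '1'='1"
    print(names_unsafe(benign), names_safe(benign))    # ['alice'] ['alice']
    # Spliced in, the hostile value turns the filter into
    # (status = 'active' AND name = 'x') OR '1'='1', which matches every row;
    # bound as a parameter it is just a name nobody has.
    print(names_unsafe(hostile), names_safe(hostile))  # ['alice', 'bob', 'carol', 'dave'] []
```

The where text stays a fixed string the developer wrote, so the only thing a caller can influence is the bound value, and a value can never change the shape of the query. The same holds when the placeholders are `@0`, `@1` and the values are passed through the method's parameter list.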