Tuesday, May 3, 2011

SqlCeResultSet and SQL injection

When using this code to insert a row with SqlCeResultSet,

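// Open an updatable result set on the table (DataAccess is a helper not shown here)
SqlCeResultSet resultSet = DataAccess.OpenResultSet("MyTable");
SqlCeUpdatableRecord record = resultSet.CreateRecord();
// Column ordinal 1 receives the text box value as data
record.SetString(1, TextBox1.Text);
resultSet.Insert(record);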

Does it prevent SQL injection attacks?

From Stack Overflow
  • Yes, it will prevent injection attacks. SetString will place the string into the column as passed in. There is no need to escape the string, etc.
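
An added example (not part of the original question or answer) contrasting a concatenated INSERT with the result-set insert from the question, using an input that contains a single quote. The database path, table layout and sample input are constructed, and the question's DataAccess.OpenResultSet helper is replaced by a TableDirect command, which is an assumption about what that helper does.

```csharp
using System;
using System.Data;
using System.Data.SqlServerCe;
using System.IO;
class ResultSetInsertDemo
{
    static void Main()
    {
        // Constructed sample: scratch database, table layout and input are assumptions.
        string path = Path.Combine(Path.GetTempPath(), "resultset_demo.sdf");
        if (File.Exists(path)) File.Delete(path);
        string connStr = "Data Source=" + path;
        using (var engine = new SqlCeEngine(connStr)) engine.CreateDatabase();
        string input = "O'Brien"; // stands in for TextBox1.Text

        using (var conn = new SqlCeConnection(connStr))
        {
            conn.Open();
            using (var create = new SqlCeCommand(
                "CREATE TABLE MyTable (Id INT IDENTITY(1,1) PRIMARY KEY, Name NVARCHAR(100))", conn))
                create.ExecuteNonQuery();
            // Weak: the input becomes part of the SQL text, so the quote changes the statement.
            try
            {
                using (var bad = new SqlCeCommand(
                    "INSERT INTO MyTable (Name) VALUES ('" + input + "')", conn))
                    bad.ExecuteNonQuery();
            }
            catch (SqlCeException ex) { Console.WriteLine("Concatenated SQL failed: " + ex.Message); }
            // Result-set path: no SQL text is built from the input; ordinal 1 is the Name column.
            using (var cmd = new SqlCeCommand("MyTable", conn))
            {
                cmd.CommandType = CommandType.TableDirect;
                using (SqlCeResultSet rs = cmd.ExecuteResultSet(ResultSetOptions.Updatable))
                {
                    SqlCeUpdatableRecord record = rs.CreateRecord();
                    record.SetString(1, input);
                    rs.Insert(record);
                }
            }
            // Read back with a parameterized query to confirm the value was stored verbatim.
            using (var check = new SqlCeCommand("SELECT COUNT(*) FROM MyTable WHERE Name = @name", conn))
            {
                check.Parameters.AddWithValue("@name", input);
                Console.WriteLine("Rows stored verbatim: " + check.ExecuteScalar());
            }
        }
    }
}
```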
