tsql - Safety of C# DataTable as SQL Parameter -


i read lot sql injections lately , know sqlparameter not prevent injections sure, table parameter safe single parameter?

some untested uncompiled example code clarification:

is this...

sql:

create procedure dbo.insertsingle      @name nvarchar(max),     @phone nvarchar(max) begin     set nocount on;       insert foobar.dbo.sometable      values(@name, @phone) end go

c#:

foreach(user u in users)  {      connection.open();       sqlcommand com = connection.createcommand();      com.commandtype = commandtype.storedprocedure;      com.commandtext = "dbo.insertsingle";       sqlparameter p = new sqlparameter("@name", u.name);      com.parameters.add(p);       p = new sqlparameter("@phone", u.phone);      com.parameters.add(p);       com.executescalar(); }

as safe this?

sql: 

create procedure dbo.insertbunch      @valuesastable dbo.valuesastabletype readonly begin     set nocount on;      insert foobar.dbo.sometable          select *          @valuesastable end go

c#:

datatable valuesastable = users.getsomeinsertdata(); connection.open();  sqlcommand com = connection.createcommand(); com.commandtype = commandtype.storedprocedure; com.commandtext = "dbo.insertbunch";  sqlparameter p = new sqlparameter("@valuesastable", valuesadtable); p.sqldbtype = sqldbtype.structured; p.typename = "dbo.valuesastabletype"; com.parameters.add(p);  com.executescalar();

i tried search it, cannot find input. can link me in right direction?

thanks in advance

typed parameters prevent sql injection if there no possibility interpreted literal commands, , executed. whether transported scalar or table-valued parameters, not make difference in regard.


Comments

Post a Comment

Popular posts from this blog

neo4j - finding mutual friends in a cypher statement starting with three or more persons -

Image
i trying build cypher statement neo4j know 2-n starting nodes name , need find node (if any) can reached of starting nodes. at first tought similar "mutual friend" situation handled (start1)-[*..2]->(main)<-[*..2]-(start2) in case have more 2 starting points around 6 know name. so puzzled how can include third, fourth , on node cypher able find commmon root amongst them. in above example neo4j website need path starting 'dilshad', 'becky' , 'cesar' check if have common friend (anders) excluding 'filipa' , 'emil' not friends of three. so far create statement programmatically looks like match (start1 {name:'person1'}), (start2 {name:'person2'}), (start3 {name: 'person3'}), (main) (start1)-[*..2]->(main) , (start2)-[*..2]->(main) , (start3)-[*..2]->(main) return distinct main but wondering if there more elegant / efficient way in cypher possibly use list of names parameter ...
Read more

php - How to remove letter in front of the word laravel -

Image
based on picture above result of var_dump() , dd() of same variable ,when var_dump() , apostrophe (') symbol in black diamond of question mark , when dd() same variable , apostrophe can seen letter 'b' appear in front of words what want can me result : loreal's sdn bhd and @ same time want remove special character ( excluding these 4 symbols (-) ,(_) ,('),(,) ) simply escape special character resolve issue. mysqli_real_escape_string resolve issue. $name = mysqli_real_escape_string($request()->user); or use addslashes function() $name = addslashes($request()->user);
Read more

minify - Minimizing css files -

i want know how css files can minimized. currently, using external sites css minifier compress css files. however, after removing whitespaces, comments, etc, file sizes reduced 10-15%. how frameworks bootstrap manage make minimized versions kilobytes. as example, css is: body { background-color: #ff0; } the reduction goes 28 bytes 22 bytes other css files have lot more characters still smaller this. actually minifying code means it's remove thing code white space characters new line characters comments block delimiters it reduces amount of code has transferred on web , speed site load fastly.but unreadable format.
Read more