Home/ Questions/Q 565629
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T12:53:32+00:00

Could anyone tell me a way to prevent sql injection when building queries for

  • 0

Could anyone tell me a way to prevent sql injection when building queries for SQLite where the WHERE clause has an "myval IN (string_1, ... , string_n)" condition ?

I though about dynamically building the command text with annotations and adding the parameters for those annotations from the string list. Is there an easier way ?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No, there’s no easier way. Don’t make a list of dangerous characters. Just use command with parameters.

    using (var conn = new SQLiteconnection(connectionString))
using (var command = conn.CreateCommand())
{
    conn.Open();
    command.CommandText = "select name from persons where id = @id";
    command.Parameters.AddWithValue("@id", 5);
    using (var reader = command.ExecuteReader())
    {
        while (reader.Read())
        {

        }
    }
}
    • 0