I have two SQL queries in which I’m trying to update sup and opp values with +1 and -1 respectively each time the query is called.
First query:
string query = "update disc set sup=@sup, opp=@opp where did=@did";
// com is the SqlCommand built from query (construction not shown in the question)
int sup = getnoofsup(did); // current counts read back from the database first
int opp = getnoofopp(did);
com.Parameters.AddWithValue("@sup", sup + 1); // arithmetic done in the program
com.Parameters.AddWithValue("@opp", opp - 1);
com.Parameters.AddWithValue("@did", did);
com.ExecuteNonQuery();
Second query:
string query="update disc set sup=sup+1, opp=opp-1 where did=@did" ;
com.Parameters.AddWithValue("@did", did);
com.ExecuteNonQuery();
Is there any threat of injection in the second query because I exchange @sup with sup+1?
No, the second query is as secure as the first one, because it is fully parameterized, and therefore does not present a path through which external data could enter the text of the SQL query itself. The sup+1 expression is calculated by the RDBMS, not by your program*, so it cannot present an opportunity to inject new code into the existing SQL.

* and it is not subsequently presented to SQL's exec stored procedure for re-interpretation.
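To make the answer's point concrete, here is an added example (not code from the question or the answer) that runs the second query against a constructed in-memory SQLite copy of the disc table; the table layout, row values and the hostile-looking did input are all assumptions for the demonstration. It shows that the arithmetic runs inside the database and that whatever is bound to the did parameter is compared as a value, never parsed as SQL.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the question's 'disc' table (assumed columns)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE disc (did INTEGER PRIMARY KEY, sup INTEGER, opp INTEGER)")
    con.executemany("INSERT INTO disc VALUES (?, ?, ?)", [(1, 10, 5), (2, 0, 0)])
    con.commit()
    return con


def vote(con: sqlite3.Connection, did) -> int:
    """The 'second query': sup+1 / opp-1 are evaluated by the RDBMS, did is a
    bound parameter. Returns the number of rows the UPDATE touched."""
    cur = con.execute(
        "UPDATE disc SET sup = sup + 1, opp = opp - 1 WHERE did = ?", (did,)
    )
    con.commit()
    return cur.rowcount


def counts(con: sqlite3.Connection, did):
    """Current (sup, opp) for a row, or None if no such row."""
    row = con.execute("SELECT sup, opp FROM disc WHERE did = ?", (did,)).fetchone()
    return tuple(row) if row else None


def table_exists(con: sqlite3.Connection) -> bool:
    """Sanity check that the schema survived whatever was bound as did."""
    q = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='disc'"
    return con.execute(q).fetchone()[0] == 1


if __name__ == "__main__":
    db = make_db()
    print(vote(db, 1), counts(db, 1))          # 1 row updated -> (11, 4)
    # Constructed hostile-looking input: bound as a parameter it is just a
    # text value that matches no did, so nothing is updated and nothing is parsed.
    print(vote(db, "1 OR 1=1"), counts(db, 1))  # 0 rows updated, still (11, 4)
    print(table_exists(db))
```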