What is the best way from asp.net to avoid sql injections but at the

Question

0

Asked: May 27, 20262026-05-27T14:05:45+00:00 2026-05-27T14:05:45+00:00

What is the best way from asp.net to avoid sql injections but at the

0

What is the best way from asp.net to avoid sql injections but at the same time I want to set my user free to enter any special symbol.

Edit

I am not using any parametrised query, I am using enterprise library and stored procedure

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T14:05:46+00:00

Use the SqlCommand.Prepare Method as mentioned on bobby-tables.

private static void SqlCommandPrepareEx(string connectionString)
{
    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        connection.Open();
        SqlCommand command = new SqlCommand(null, connection);

        // Create and prepare an SQL statement.
        command.CommandText =
            "INSERT INTO Region (RegionID, RegionDescription) " +
            "VALUES (@id, @desc)";
        SqlParameter idParam = new SqlParameter("@id", SqlDbType.Int, 0);
        SqlParameter descParam = 
            new SqlParameter("@desc", SqlDbType.Text, 100);
        idParam.Value = 20;
        descParam.Value = "First Region";
        command.Parameters.Add(idParam);
        command.Parameters.Add(descParam);

        // Call Prepare after setting the Commandtext and Parameters.
        command.Prepare();
        command.ExecuteNonQuery();

        // Change parameter values and call ExecuteNonQuery.
        command.Parameters[0].Value = 21;
        command.Parameters[1].Value = "Second Region";
        command.ExecuteNonQuery();
    }
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What is the best way from asp.net to avoid sql injections but at the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply