What’s the proper way of parameterizing an ORDER BY clause in ADO.NET?
Sometimes there’s a need to order by 2 columns, while the default is ordering on just 1 column, and sometimes you’ll just want to change ASC to DESC.
Is it considered OK to just use string concatenation in such cases (provided the input doesn’t come from the user directly, but just from a lookup of more or less hardcoded values in the code)?
The SQL Injection purists will tell you that string concatenation is never permissible, because there always exists the possibility that another programmer may extend the program and expose the SQL statement to the outside world.
However, if the values are hardcoded (i.e. as a constant), and will never see the outside world, then yes, it is perfectly OK to concatenate it.
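
The lookup approach discussed above, as an added example that is not part of the original question or answer: the ORDER BY text is assembled only from constants in a hardcoded dictionary, unknown keys are rejected, and the filter value remains a normal ADO.NET parameter. The `OrderByBuilder` class, the `Customers` table and its column names are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public enum SortDirection { Asc, Desc }

public static class OrderByBuilder
{
    // Hardcoded lookup: caller-facing sort key -> bracketed column name.
    // Constructed sample schema; only these constants ever reach the SQL text.
    private static readonly Dictionary<string, string> Columns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["name"] = "[LastName]",
            ["city"] = "[City]",
            ["created"] = "[CreatedUtc]",
        };

    public static string Build(IEnumerable<(string Key, SortDirection Dir)> sorts)
    {
        var parts = new List<string>();
        foreach (var (key, dir) in sorts)
        {
            // The key selects a constant; its own text is never concatenated.
            if (!Columns.TryGetValue(key, out var column))
                throw new ArgumentException("Unknown sort key: " + key);
            parts.Add(column + (dir == SortDirection.Desc ? " DESC" : " ASC"));
        }
        if (parts.Count == 0)
            parts.Add("[LastName] ASC"); // default: order on a single column
        return " ORDER BY " + string.Join(", ", parts);
    }

    public static SqlCommand BuildQuery(SqlConnection conn, string city,
        params (string Key, SortDirection Dir)[] sorts)
    {
        // Values are still bound as parameters; only the ORDER BY is concatenated.
        var cmd = new SqlCommand(
            "SELECT [LastName], [City], [CreatedUtc] FROM [Customers] " +
            "WHERE [City] = @city" + Build(sorts), conn);
        cmd.Parameters.Add("@city", SqlDbType.NVarChar, 100).Value = city;
        return cmd;
    }
}
```

Because the direction is an enum and the column is a dictionary value, a later change that passes request input as the sort key can at worst select another listed column or raise `ArgumentException`.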