What’s the safest way of generating SQL queries in C#, including cleansing user input

Question

0

Asked: May 30, 20262026-05-30T07:57:30+00:00 2026-05-30T07:57:30+00:00

What’s the safest way of generating SQL queries in C#, including cleansing user input

0

What’s the safest way of generating SQL queries in C#, including cleansing user input so it’s safe from injection? I’m looking to use a simple solution that doesn’t need external libraries.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T07:57:32+00:00

Use Sql Parameters:

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter(v=vs.80).aspx

Here’s an example in C#

SqlCommand tCommand = new SqlCommand();
tCommand.Connection = new SqlConnection("YourConnectionString");
tCommand.CommandText = "UPDATE players SET name = @name, score = @score, active = @active WHERE jerseyNum = @jerseyNum";

tCommand.Parameters.Add(new SqlParameter("@name", System.Data.SqlDbType.VarChar).Value = "Smith, Steve");
tCommand.Parameters.Add(new SqlParameter("@score", System.Data.SqlDbType.Int).Value = "42");
tCommand.Parameters.Add(new SqlParameter("@active", System.Data.SqlDbType.Bit).Value = true);
tCommand.Parameters.Add(new SqlParameter("@jerseyNum", System.Data.SqlDbType.Int).Value = "99");

tCommand.ExecuteNonQuery();

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What’s the safest way of generating SQL queries in C#, including cleansing user input

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply