I heard that SQL Injection can still be possible when using ADO.NET SQLParameter (parameterised query) for SQL Server.
I am looking for real examples in C#/VB code as proof.
EDIT: I am looking for SPECIFIC working examples. Not introductions to sql injection or how to prevent it.
If you're creating a statement in a stored proc and using sp_executesql, a parameterized query is a false safety net.
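A concrete T-SQL illustration of the answer above, added here as an example and not taken from the question or the answer. The table `dbo.Users` and the procedure names `dbo.FindUser_Vulnerable` and `dbo.FindUser_Safe` are assumed for illustration. The ADO.NET side is genuinely parameterised (`CommandType.StoredProcedure`, one `SqlParameter` for `@Name`), so the payload arrives in the procedure intact; the injection happens inside the procedure, where the value is concatenated into a string that is then handed to `sp_executesql`. The second procedure shows the fix: pass the value to `sp_executesql` as a parameter instead of splicing it into the text.

```sql
-- Added example, not part of the original question or answer.
-- dbo.Users and the two procedure names are assumed for illustration.
CREATE TABLE dbo.Users (Id INT PRIMARY KEY, Name NVARCHAR(50), Email NVARCHAR(100));
INSERT INTO dbo.Users VALUES (1, N'alice', N'alice@example.com'),
                             (2, N'bob',   N'bob@example.com');
GO

-- Vulnerable: the SqlParameter delivers @Name safely, but the procedure
-- concatenates it into dynamic SQL and executes the resulting string.
CREATE PROCEDURE dbo.FindUser_Vulnerable @Name NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name, Email FROM dbo.Users WHERE Name = ''' + @Name + N'''';
    EXEC sp_executesql @sql;   -- @sql already contains the attacker's text
END;
GO

-- What the C# caller does (shown as a comment; the value comes from user input):
--   cmd.CommandType = CommandType.StoredProcedure;
--   cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = userInput;
-- The equivalent T-SQL call with an injected value:
EXEC dbo.FindUser_Vulnerable @Name = N'x'' OR 1=1 --';
-- The string actually executed is:
--   SELECT Id, Name, Email FROM dbo.Users WHERE Name = 'x' OR 1=1 --'
-- so every row in dbo.Users is returned.

-- Hardened: keep the value a parameter all the way down. sp_executesql
-- takes a parameter definition list and the values, so @p is bound as data.
CREATE PROCEDURE dbo.FindUser_Safe @Name NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name, Email FROM dbo.Users WHERE Name = @p';
    EXEC sp_executesql @sql, N'@p NVARCHAR(50)', @p = @Name;
END;
GO

EXEC dbo.FindUser_Safe @Name = N'x'' OR 1=1 --';
-- Returns no rows: the whole payload is compared as a literal Name value.
```

The same failure mode appears with `EXEC (@sql)` and with identifiers (table or column names) spliced into dynamic SQL; for identifiers, which cannot be passed as `sp_executesql` parameters, wrap them with `QUOTENAME()` and validate them against an allow-list before concatenation.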