Yes, parameters prevent SQL injection.

Please no HTML mails...

Claudius

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Reinmueller, Jan
Sent: Tuesday, June 3, 2003 16:23
To: '[EMAIL PROTECTED]'
Subject: [Asp.net] SQL Injection


Hi list!

Is my code correct like this if I want to avoid SQL injection?
 
    string SQL = "SELECT * FROM login WHERE mail= @Mail AND pswd= @Pswd;";
    SqlCommand cmd = new SqlCommand(SQL, conn);
    cmd.Parameters.Add("@Mail", this.email);
    cmd.Parameters.Add("@Pswd", this.passwort);
    SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.Default);
 
Thanks
 
Jan

_______________________________________________
Asp.net mailing list
[EMAIL PROTECTED]
http://www.glengamoi.com/mailman/listinfo/asp.net
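
Added example, not part of the original thread: the query from the post run once with string concatenation and once with bound parameters, in Python against an in-memory SQLite database (a stand-in for SqlCommand and SQL Server so it runs offline). The sample row, the inputs and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample row; table and column names follow the query in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (mail TEXT, pswd TEXT)")
    conn.execute("INSERT INTO login VALUES ('jan@example.com', 'geheim')")
    return conn

def login_concatenated(conn, mail, pswd):
    # Anti-pattern: input becomes part of the SQL text, so a quote in it is syntax.
    sql = ("SELECT * FROM login WHERE mail = '" + mail +
           "' AND pswd = '" + pswd + "';")
    return conn.execute(sql).fetchall()

def login_parameterized(conn, mail, pswd):
    # Same shape as the posted code: constant SQL text, values bound separately.
    sql = "SELECT * FROM login WHERE mail = :Mail AND pswd = :Pswd;"
    return conn.execute(sql, {"Mail": mail, "Pswd": pswd}).fetchall()

def outcome(login, conn, mail, pswd):
    # Number of rows returned, or "sql error" if the statement fails to parse.
    try:
        return len(login(conn, mail, pswd))
    except sqlite3.OperationalError:
        return "sql error"

# Constructed inputs: valid login, wrong password, input that contains quotes,
# and an address with an apostrophe.
CASES = [
    ("jan@example.com", "geheim"),
    ("jan@example.com", "falsch"),
    ("jan@example.com", "' OR '1'='1"),
    ("o'brien@example.com", "geheim"),
]

if __name__ == "__main__":
    conn = make_db()
    for mail, pswd in CASES:
        print(repr(mail), repr(pswd),
              "concatenated:", outcome(login_concatenated, conn, mail, pswd),
              "parameterized:", outcome(login_parameterized, conn, mail, pswd))
```

With concatenation the third input returns the stored row without the right password and the fourth breaks the statement; with parameters both are compared as plain values and return no rows.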
