SqlParameters in a ConnectionString ? I would think not ! I think Neo's disclaimer about the initialization of Connection strings provides ample advice to the wise.
On Jul 15, 1:22 pm, akram mellice <[email protected]> wrote: > this code can be injected which leads to a security risk since the user can > add sql code to the connection string directlyinstead use the SqlParameter > class to pass parameters to whatever query u want to do >
