On May 2, 7:24 am, Stephen Russell <[email protected]> wrote:
> On Fri, Apr 29, 2011 at 11:58 AM, Davej <[email protected]> wrote:
> > Can parameterized strings still be vulnerable to SQL injection?
>
> ---------------------
>
> YES!
>
> Don't be fooled into thinking that everything is 100% safe just
> because you have a parameter.
>
> The param will not get fooled with:
> Smith' GO Drop Table Employee Go
>
> It will accept hex that causes a buffer overload though.
>
Ok, that is a good point that I should add a maxlength value to each textbox.
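An added example, not part of the thread and not from either poster: Python's built-in `sqlite3` stands in for ADO.NET so that it runs offline. It binds the string quoted above as a parameter, checks that the table survives, and enforces the length limit on the server side; the table contents, `MAX_NAME_LEN` and the function names are assumptions.

```python
import sqlite3

MAX_NAME_LEN = 50  # assumed column width; enforced in server code, not only in the form


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany("INSERT INTO Employee (last_name) VALUES (?)",
                     [("Smith",), ("Jones",)])
    return conn


def validate_name(value):
    """Server-side length check; a textbox maxlength only constrains the browser."""
    if not isinstance(value, str):
        raise ValueError("name must be a string")
    if not 0 < len(value) <= MAX_NAME_LEN:
        raise ValueError("name length out of range")
    return value


def find_employees(conn, last_name):
    """Look up rows with the value bound as a parameter, never concatenated."""
    name = validate_name(last_name)
    cur = conn.execute(
        "SELECT id, last_name FROM Employee WHERE last_name = ?", (name,))
    return cur.fetchall()


def table_exists(conn, table):
    """Return True if the named table is still present in the schema."""
    cur = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,))
    return cur.fetchone()[0] == 1


if __name__ == "__main__":
    conn = make_db()
    quoted = "Smith' GO Drop Table Employee Go"  # the string quoted in the thread
    print(find_employees(conn, "Smith"))   # normal lookup
    print(find_employees(conn, quoted))    # treated as a literal name, no match
    print(table_exists(conn, "Employee"))  # table is untouched
    try:
        find_employees(conn, "A" * 5000)   # oversize input never reaches the query
    except ValueError as exc:
        print("rejected:", exc)
```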
