Re: Sql injecting

Posted by Dan Guzman on 11/17/07 14:32

> I agree with you, but isn't this a strike against LINQ?

IMHO, yes. I know little about LINQ but, from what I've seen, there are
both pros and cons.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Tom van Stiphout" <no.spam.tom7744@cox.net> wrote in message
news:n0brj3prd4fba5d66mcj7a35qt6pbs5gu7@4ax.com...
> On Fri, 16 Nov 2007 13:01:14 GMT, "Dan Guzman"
> <guzmanda@nospam-online.sbcglobal.net> wrote:
>
> I agree with you, but isn't this a strike against LINQ?
> -Tom.
>
>
>>> I'm a web programmer, but I never understood sql injecting.
>>
>>Your best defense against SQL injection in SQL Server is to execute only
>>parameterized SQL statements and stored procedures. Never build SQL strings
>>by concatenating values. Code is vulnerable to injection if SQL statements
>>are built and executed like:
>>
>>sqlStatement = "SELECT MyData FROM dbo.MyTable WHERE MyColumn = '" + myValue + "'";
>>
>>A malicious user can change the intent of this SQL statement by specifying a
>>value like:
>>
>>';DROP TABLE dbo.MyTable;--
>>
>>or
>>
>>' UNION ALL SELECT Password FROM dbo.Users;--
>>
>>Google "SQL injection" for more information.
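The concatenated statement and the UNION value quoted above, run side by side with the parameterized form Dan recommends. This is an added illustration, not code from the thread; it uses SQLite in memory as a stand-in for SQL Server (with "dbo" attached as a schema so the post's table names work unchanged), and the table rows and the Users table columns are constructed sample data.

```python
import sqlite3

# Constructed sample data: MyTable holds ordinary rows, Users holds the
# passwords (plain text here only so the effect of the injection is visible).
MY_TABLE_ROWS = [("alpha", "public data for alpha"), ("beta", "public data for beta")]
USER_ROWS = [("alice", "s3cret-alice"), ("bob", "s3cret-bob")]

# The second value from the post, verbatim.
UNION_PAYLOAD = "' UNION ALL SELECT Password FROM dbo.Users;--"


def open_db() -> sqlite3.Connection:
    """In-memory SQLite standing in for SQL Server. A second in-memory
    database is attached as 'dbo' so dbo.MyTable and dbo.Users resolve."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS dbo")
    conn.execute("CREATE TABLE dbo.MyTable (MyColumn TEXT, MyData TEXT)")
    conn.execute("CREATE TABLE dbo.Users (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO dbo.MyTable VALUES (?, ?)", MY_TABLE_ROWS)
    conn.executemany("INSERT INTO dbo.Users VALUES (?, ?)", USER_ROWS)
    return conn


def query_vulnerable(conn: sqlite3.Connection, my_value: str) -> list:
    """The concatenation pattern from the post: the value becomes part of the
    SQL text, so a quote character in it rewrites the statement."""
    sql = "SELECT MyData FROM dbo.MyTable WHERE MyColumn = '" + my_value + "'"
    return [row[0] for row in conn.execute(sql)]


def query_parameterized(conn: sqlite3.Connection, my_value: str) -> list:
    """The fix: the SQL text is constant and the value is bound as a
    parameter, so it is only ever compared against MyColumn."""
    sql = "SELECT MyData FROM dbo.MyTable WHERE MyColumn = ?"
    return [row[0] for row in conn.execute(sql, (my_value,))]


if __name__ == "__main__":
    db = open_db()
    print(query_vulnerable(db, "alpha"))           # normal input works either way
    print(query_vulnerable(db, UNION_PAYLOAD))     # every password from dbo.Users
    print(query_parameterized(db, UNION_PAYLOAD))  # [] : the value is just a literal
```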
