Jonathan Wood
I have a couple of security questions.
First, I just created the following stored procedure:
ALTER PROCEDURE dbo.mc_Trainer_SetClientMessage
    @TrainerId uniqueidentifier,
    @Message text
AS
BEGIN
    UPDATE dbo.mc_Trainers SET WelcomeText=@Message WHERE UserID=@TrainerId
    RETURN
END
Am I correct in my understanding that, if @Message contains any SQL
statements, that will not cause any problems within this procedure?
Second, does anyone see any problems using hard-coded SQL statements in C#
as long as such statements are constructed without any user-entered text?
Thanks for any suggestions!
Jonathan
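The behaviour asked about in the first question, as an added T-SQL example for SQL Server that is not part of the original post: a static statement with a bound parameter, beside a procedure that concatenates the same parameter into a string and executes it. The temp table, the temp procedures, the GUID and the sample message are constructed for the demo, and nvarchar(max) is used in place of text because local variables cannot be declared as text.

```sql
-- Constructed demo objects in tempdb; names and values are illustrative, not the poster's schema.
CREATE TABLE #Trainers (UserID uniqueidentifier PRIMARY KEY, WelcomeText nvarchar(max));
INSERT INTO #Trainers VALUES ('00000000-0000-0000-0000-000000000001', N'hello');
GO
-- Same shape as the procedure in the post: the statement text is fixed when the
-- procedure is compiled, and @Message only ever supplies a value for the column.
CREATE PROCEDURE #SetMessage_Static @TrainerId uniqueidentifier, @Message nvarchar(max)
AS
BEGIN
    UPDATE #Trainers SET WelcomeText = @Message WHERE UserID = @TrainerId;
END
GO
-- Counter-example: the parameter is concatenated into a string that is then executed,
-- so whatever @Message contains is parsed as part of the statement text.
CREATE PROCEDURE #SetMessage_Concat @TrainerId uniqueidentifier, @Message nvarchar(max)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'UPDATE #Trainers SET WelcomeText = ''' + @Message +
        N''' WHERE UserID = ''' + CAST(@TrainerId AS nvarchar(36)) + N'''';
    EXEC (@sql);
END
GO
DECLARE @id  uniqueidentifier = '00000000-0000-0000-0000-000000000001';
-- Constructed message: a quote followed by a second, harmless UPDATE statement.
DECLARE @msg nvarchar(max) =
    N'Welcome''; UPDATE #Trainers SET WelcomeText = N''changed by message text''; --';

-- Static statement: the whole string, quote and all, is stored as data.
EXEC #SetMessage_Static @TrainerId = @id, @Message = @msg;
SELECT WelcomeText AS AfterStatic FROM #Trainers;

-- Dynamic SQL with bound parameters keeps the same property: constant text, values separate.
EXEC sp_executesql
     N'UPDATE #Trainers SET WelcomeText = @m WHERE UserID = @t',
     N'@m nvarchar(max), @t uniqueidentifier',
     @m = @msg, @t = @id;
SELECT WelcomeText AS AfterSpExecuteSql FROM #Trainers;

-- Concatenated dynamic SQL: the quote ends the literal and the embedded UPDATE runs.
EXEC #SetMessage_Concat @TrainerId = @id, @Message = @msg;
SELECT WelcomeText AS AfterConcat FROM #Trainers;
GO
DROP PROCEDURE #SetMessage_Static, #SetMessage_Concat;
DROP TABLE #Trainers;
```

Compare the three result sets: the stored value matches the input string only where the parameter was bound rather than concatenated.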