SQL Injection?

Guest

Will the code below protect me from SQL injection in an ASP.Net page?
Dim cmd As New SqlCommand()   ' the original only declared cmd and never created it
Dim prm As SqlParameter
Dim salary As String
cmd.Connection = conn         ' conn: an open SqlConnection, not shown in the post
cmd.CommandText = "select salary from employee where name=@name"
prm = New SqlParameter("@name", name.Text)   ' user input is passed as a value, not as SQL text
cmd.Parameters.Add(prm)
' ExecuteScalar returns the first column of the first row. ExecuteNonQuery only
' returns an affected-row count (-1 for a SELECT), so it could never yield the salary.
salary = CStr(cmd.ExecuteScalar())
 
Yes, and it will protect you from all sorts of other problems like Irish
Surnames. Definitely the preferred way to do this.
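Added example, not code from either poster: the same lookup written the way that is open to injection (user input spliced into the SQL text) next to the parameterized form the question shows. The connection string and the employee table are placeholders; with the name O'Brien the concatenated version fails on the embedded quote while the parameterized version simply returns the row.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module SalaryLookup
    ' Placeholder (assumption): real code reads this from configuration.
    Private Const ConnStr As String = "Server=(local);Database=Payroll;Integrated Security=true"

    ' Vulnerable pattern: the name becomes part of the statement text, so any
    ' quote in it alters the SQL. For "O'Brien" that is a syntax error; for
    ' hostile input it is a different query than the one the developer wrote.
    Function GetSalaryUnsafe(ByVal name As String) As Object
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand( _
                "select salary from employee where name='" & name & "'", conn)
                conn.Open()
                Return cmd.ExecuteScalar()
            End Using
        End Using
    End Function

    ' Safe pattern (what the question shows): the value travels to the server
    ' as a typed parameter, never as SQL text, so quotes in it are just data.
    Function GetSalary(ByVal name As String) As Object
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand( _
                "select salary from employee where name=@name", conn)
                ' Declaring the type and length avoids implicit conversions
                ' and keeps the parameter within the column's bounds.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
                conn.Open()
                ' ExecuteScalar returns the first column of the first row;
                ' ExecuteNonQuery would only return an affected-row count.
                Return cmd.ExecuteScalar()
            End Using
        End Using
    End Function

    Sub Main()
        ' The apostrophe is harmless here because it never reaches the parser as SQL.
        Console.WriteLine(GetSalary("O'Brien"))
    End Sub
End Module
```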
 