10-16-2007, 02:40 PM
#2
masfenix

You have a number of options here.

I prefer using stored procedures.

But if in fact you are using dynamic T-SQL, then use parameters.

For example:

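Imports System.Data
Imports System.Data.SqlClient

' Parameterized query: the value is bound to @int, never concatenated into the SQL text.
Dim cmd As New SqlCommand()
cmd.CommandType = CommandType.Text
cmd.CommandText = "SELECT * FROM [bets] WHERE closed = @int"
cmd.Parameters.Add("@int", SqlDbType.SmallInt).Value = someValue ' someValue: placeholder for the value to match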

Next, put a "validaterequest=true" at the top of your page.
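
An added example, not part of masfenix's post: the same parameterized lookup carried through end to end, with the input type-checked before binding and a switch between dynamic T-SQL and a stored procedure. The helper name, the connection string, the [id] column and the procedure dbo.GetBetsByClosed are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module BetQueries
    ' Hypothetical helper: returns the ids of bets whose "closed" column matches rawInput.
    ' connectionString, the [id] column and the procedure name are assumptions.
    Public Function GetBetIds(connectionString As String, rawInput As String,
                              useStoredProcedure As Boolean) As List(Of Integer)
        ' Reject anything that is not a SMALLINT before it gets near the database.
        Dim closed As Short
        If Not Short.TryParse(rawInput, closed) Then
            Throw New ArgumentException("closed must be a whole number in the SMALLINT range.")
        End If

        Dim ids As New List(Of Integer)
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand()
                cmd.Connection = conn
                If useStoredProcedure Then
                    ' Assumed to exist: CREATE PROCEDURE dbo.GetBetsByClosed @closed smallint AS ...
                    cmd.CommandType = CommandType.StoredProcedure
                    cmd.CommandText = "dbo.GetBetsByClosed"
                Else
                    cmd.CommandType = CommandType.Text
                    cmd.CommandText = "SELECT [id] FROM [bets] WHERE closed = @closed"
                End If
                ' The value travels separately from the SQL text and is never parsed as SQL.
                cmd.Parameters.Add("@closed", SqlDbType.SmallInt).Value = closed

                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        ids.Add(reader.GetInt32(0)) ' assumes [id] is an INT column
                    End While
                End Using
            End Using
        End Using
        Return ids
    End Function
End Module
```

Either branch binds the value the same way; only the command type and text change, so moving from dynamic T-SQL to a stored procedure does not alter the calling code's parameter handling.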