10-16-2007, 02:40 PM
masfenix

You have a number of options here.

I prefer using stored procedures.

But if in fact you are using dynamic T-SQL, then use parameters.

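For example:

' Requires: Imports System.Data and Imports System.Data.SqlClient
Dim cmd As New SqlCommand()
cmd.CommandType = Data.CommandType.Text
cmd.CommandText = "SELECT * FROM [bets] WHERE closed = @int"
' The value travels as a typed parameter and is never concatenated into the SQL text
cmd.Parameters.Add("@int", SqlDbType.SmallInt).Value = [some value]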

Next, put a "validaterequest=true" at the top of your page.
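
The effect of the typed parameter recommended above, as an added example that is not part of the original post: it uses Python's sqlite3 with an in-memory table in place of SqlCommand and SQL Server so that it runs offline. The table rows, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

# Range of SQL Server's smallint, the type the post binds with SqlDbType.SmallInt
SMALLINT_MIN, SMALLINT_MAX = -32768, 32767


def make_db():
    """Build a constructed stand-in for the post's [bets] table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bets (id INTEGER PRIMARY KEY, title TEXT, closed INTEGER)")
    db.executemany(
        "INSERT INTO bets (title, closed) VALUES (?, ?)",
        [("match A", 0), ("match B", 1), ("match C", 1)],
    )
    return db


def to_smallint(raw):
    """Convert request text to a smallint or refuse it, as a typed parameter does."""
    try:
        value = int(raw)
    except ValueError:
        raise ValueError("closed must be an integer") from None
    if not SMALLINT_MIN <= value <= SMALLINT_MAX:
        raise ValueError("closed is outside the smallint range")
    return value


def find_concatenated(db, raw):
    """'Before' form: the request text becomes part of the SQL statement itself."""
    sql = "SELECT title FROM bets WHERE closed = " + raw + " ORDER BY id"
    return db.execute(sql).fetchall()


def find_parameterized(db, raw):
    """'After' form: fixed SQL text, value supplied separately as a typed parameter."""
    sql = "SELECT title FROM bets WHERE closed = :closed ORDER BY id"
    return db.execute(sql, {"closed": to_smallint(raw)}).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(find_parameterized(db, "1"))          # only the closed bets
    print(find_concatenated(db, "0 OR 1=1"))    # filter no longer applies
    try:
        find_parameterized(db, "0 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
```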