Web Development

 
Question: problem to check value array
Loei Maleki, 4-Jun-15 1:52
Answer: Re: problem to check value array
Loei Maleki, 4-Jun-15 1:57
Question: Can't find where is the error from
newbiejo, 2-Jun-15 22:50
Question: Unable to stop SQL injection errors.
Stephen Holdorf, 29-May-15 2:10
Answer: Re: Unable to stop SQL injection errors.
Sascha Lefèvre, 29-May-15 2:55
General: Re: Unable to stop SQL injection errors.
Stephen Holdorf, 29-May-15 4:03
General: Re: Unable to stop SQL injection errors.
Sascha Lefèvre, 29-May-15 4:10
General: Re: Unable to stop SQL injection errors.
Richard Deeming, 29-May-15 4:11
You're only concatenating constant strings, not user input or other variables, so there's no vulnerability in that example. You could easily remove the concatenation and declare the query in a single string:
C#
const string sqlQuery = "select isTamMacom = count(macom_key) FROM hier_fy WHERE hier_key = @aspKey AND fy = @fy  AND @accountCode NOT IN (3,4,7,8) AND macom_key IN (select hier_key from lkup_e581_MacomThatRequireTAM) AND is_visible = 1 AND is_active = 1";

If you want to split the string onto multiple lines for readability, use a verbatim string literal:
C#
const string sqlQuery = @"select 
    isTamMacom = count(macom_key) 
FROM 
    hier_fy 
WHERE 
    hier_key = @aspKey 
AND 
    fy = @fy  
AND 
    @accountCode NOT IN (3,4,7,8) 
AND 
    macom_key IN 
    (
        select hier_key 
        from lkup_e581_MacomThatRequireTAM
    ) 
AND 
    is_visible = 1 
AND 
    is_active = 1";




"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
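
An added example, not part of the post above or of the original thread: the same constant query executed with bound parameters. The class and method names, the connection string argument and the `int` parameter types are assumptions, since the thread does not show the schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class TamMacomQuery
{
    // Concatenating string literals with + still yields a compile-time constant:
    // the compiler folds the pieces into one string, identical to the single-line form.
    // Declaring the query const also makes the compiler reject any non-constant
    // operand, so a variable cannot be concatenated into the text later by mistake.
    private const string SqlQuery =
        "select isTamMacom = count(macom_key) FROM hier_fy " +
        "WHERE hier_key = @aspKey AND fy = @fy " +
        "AND @accountCode NOT IN (3,4,7,8) " +
        "AND macom_key IN (select hier_key from lkup_e581_MacomThatRequireTAM) " +
        "AND is_visible = 1 AND is_active = 1";

    // Hypothetical helper. The int types are assumed, not taken from the thread.
    public static bool IsTamMacom(string connectionString, int aspKey, int fy, int accountCode)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(SqlQuery, connection))
        {
            // Values are sent separately from the SQL text and are never parsed as SQL.
            command.Parameters.Add("@aspKey", SqlDbType.Int).Value = aspKey;
            command.Parameters.Add("@fy", SqlDbType.Int).Value = fy;
            command.Parameters.Add("@accountCode", SqlDbType.Int).Value = accountCode;

            connection.Open();
            // count() always returns exactly one row, so the scalar is never null.
            return Convert.ToInt32(command.ExecuteScalar()) > 0;
        }
    }
}
```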


General: Re: Unable to stop SQL injection errors.
Stephen Holdorf, 29-May-15 8:55
General: Re: Unable to stop SQL injection errors.
Richard Deeming, 29-May-15 9:14
General: Re: Unable to stop SQL injection errors.
Sascha Lefèvre, 29-May-15 12:55
Question: How to get my "wp_nav_menu()" function working
Truck53, 28-May-15 16:34
Question: Host Windows Class Library in PHP
Jassim Rahma, 27-May-15 0:49
Question: Message Removed
Antonio Guedes, 22-May-15 4:28
Question: Opening an existing project in WordPress
indian143, 21-May-15 21:21
Answer: Re: Opening an existing project in WordPress
User 1716492, 21-May-15 22:11
Question: Improper Neutralization of special elements used in an sql command
Stephen Holdorf, 12-May-15 10:09
Answer: Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 12-May-15 10:33
General: Re: Improper Neutralization of special elements used in an sql command
Steve Holdorf, 12-May-15 12:38
General: Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 12-May-15 12:54
General: Re: Improper Neutralization of special elements used in an sql command
Steve Holdorf, 12-May-15 13:01
General: Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 12-May-15 13:17
General: Re: Improper Neutralization of special elements used in an sql command
Steve Holdorf, 12-May-15 14:14
General: Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 12-May-15 14:54
General: Re: Improper Neutralization of special elements used in an sql command
Steve Holdorf, 12-May-15 15:34
