saminetemad
Programmer
Hello,
I have a sql string.
protected void Button1_Click(object sender, EventArgs e)
{
string strconnection;
strconnection = ConfigurationSettings.AppSettings["connectionstring"];
SqlConnection DBConnection = new SqlConnection(strconnection);
DBConnection.Open();
string sql = "";
sql = "UPDATE MoneyManagement SET ";
sql += "Name=" + "'" +TextBox1.Text + "'" + ",";
sql += "Explain=" + "'" + TextBox2.Text + "'" + " ";
sql += "WHERE ID=2 ";
SqlCommand cmd = new SqlCommand(sql, DBConnection);
cmd.ExecuteNonQuery();
DBConnection.Close();
}
Have you a secure way for send sql string to the database?I'm not going to define the parameters. I want to send data with sql string.
I have a sql string.
protected void Button1_Click(object sender, EventArgs e)
{
string strconnection;
strconnection = ConfigurationSettings.AppSettings["connectionstring"];
SqlConnection DBConnection = new SqlConnection(strconnection);
DBConnection.Open();
string sql = "";
sql = "UPDATE MoneyManagement SET ";
sql += "Name=" + "'" +TextBox1.Text + "'" + ",";
sql += "Explain=" + "'" + TextBox2.Text + "'" + " ";
sql += "WHERE ID=2 ";
SqlCommand cmd = new SqlCommand(sql, DBConnection);
cmd.ExecuteNonQuery();
DBConnection.Close();
}
Have you a secure way for send sql string to the database?I'm not going to define the parameters. I want to send data with sql string.