Saturday, December 15, 2012

In the name of using SqlParameter in an HP Fortify-friendly manner...

SqlParameter foo = bar.Parameters.AddWithValue("@Baz", qux);

...is copacetic while this isn't...

SqlParameter foo = bar.Parameters.Add("@Baz", SqlDbType.NVarChar, 42);
foo.Value = qux;
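
Both forms in context, as an added example that is not from the original post: each binds qux as a parameter value and leaves the command text untouched, and the difference visible on the parameter is that AddWithValue infers the type and size from the value while Add fixes them up front. The query text, the table and column names, the sample value and the class and method names are assumptions. No connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterBindingDemo
{
    // Constructed sample input containing SQL metacharacters.
    const string Qux = "x'; DROP TABLE Widgets;--";

    // Hypothetical query; Widgets and Baz are placeholder names.
    const string Sql = "SELECT Id FROM Widgets WHERE Baz = @Baz";

    // The form the post says the scanner accepts.
    static SqlCommand BindWithAddWithValue()
    {
        var bar = new SqlCommand(Sql);
        SqlParameter foo = bar.Parameters.AddWithValue("@Baz", Qux);
        return bar;
    }

    // The form the post says the scanner flags.
    static SqlCommand BindWithExplicitType()
    {
        var bar = new SqlCommand(Sql);
        SqlParameter foo = bar.Parameters.Add("@Baz", SqlDbType.NVarChar, 42);
        foo.Value = Qux;
        return bar;
    }

    // Prints the parameter metadata and confirms the value never
    // became part of the SQL text.
    static void Describe(string label, SqlCommand cmd)
    {
        using (cmd)
        {
            SqlParameter p = cmd.Parameters["@Baz"];
            bool textUnchanged = cmd.CommandText == Sql;
            Console.WriteLine($"{label}: textUnchanged={textUnchanged}, " +
                              $"type={p.SqlDbType}, size={p.Size}");
        }
    }

    static void Main()
    {
        Describe("AddWithValue", BindWithAddWithValue());
        Describe("Add + Value", BindWithExplicitType());
    }
}
```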
