SqlBulkCopy and SQL injection protection

I need to insert multiple rows at the same time (1000 rows) into a SQL Server database. I think the best way is to use SqlBulkCopy, but I'm not sure how to parameterize insert queries to be safe from SQL injection.

Could you help me? What is the best way to execute multiple insert statements (safe from SQL injection)?

Thanks.

+3




2 answers


The best way to insert multiple lines is with SqlBulkCopy.



The SqlBulkCopy class is already SQL Injection safe. Therefore, you don't need to worry about it.

+1
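A sketch of the SqlBulkCopy approach discussed above, added here as an example and not code from either answer. The table name `dbo.Comments`, its columns and the sample row are constructed placeholders; row values travel as typed column data rather than SQL text, while the destination table name is an identifier, so the example takes it from a fixed allow-list.

```csharp
// Added example. Table, column and sample values are constructed placeholders.
using System;
using System.Collections.Generic;
using System.Data;
using Microsoft.Data.SqlClient; // System.Data.SqlClient on older projects

public static class BulkLoader
{
    // Identifiers cannot be parameterized, so the destination table is
    // chosen from a fixed list and never built from user input.
    private static readonly HashSet<string> AllowedTables =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "dbo.Comments" };

    public static DataTable BuildRows(IEnumerable<(int UserId, string Body)> items)
    {
        var table = new DataTable();
        table.Columns.Add("UserId", typeof(int));
        table.Columns.Add("Body", typeof(string));
        foreach (var (userId, body) in items)
            table.Rows.Add(userId, body); // kept as typed values, never as SQL text
        return table;
    }

    public static void Insert(string connectionString, string tableName, DataTable rows)
    {
        if (!AllowedTables.Contains(tableName))
            throw new ArgumentException("Unknown destination table.", nameof(tableName));

        using var connection = new SqlConnection(connectionString);
        connection.Open();
        using var bulk = new SqlBulkCopy(connection)
        {
            DestinationTableName = tableName,
            BatchSize = 1000
        };
        // Explicit mappings so a change in column order cannot misplace data.
        bulk.ColumnMappings.Add("UserId", "UserId");
        bulk.ColumnMappings.Add("Body", "Body");
        bulk.WriteToServer(rows);
    }
}

// Usage (constructed input containing quote and comment characters):
//   var rows = BulkLoader.BuildRows(new[] { (1, "O'Brien's note; -- end") });
//   BulkLoader.Insert(connectionString, "dbo.Comments", rows);
```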




I've used this solution on several occasions to create multiple inserts: http://www.sqlteam.com/article/sql-server-2008-table-valued-parameters

Be aware that there is a SQL Server security issue for table types. To install them you need to use the wonky syntax:



grant execute on TYPE::dbo.tableType to role_or_user

      

0

