SqlBulkCopy and SQL injection protection
I need to insert multiple rows at the same time (1000 rows) into a SQL Server database. I think the best way is to use SqlBulkCopy, but I'm not sure how to parameterize insert queries to be safe from SQL injection.
Could you help me? What is the best way to execute multiple insert statements (safe from SQL injection)?
Thanks.
+3
2 answers
I've used this solution on several occasions to create multiple inserts: http://www.sqlteam.com/article/sql-server-2008-table-valued-parameters
Be aware that there is a SQL Server security issue for table types. To install them you need to use the wonky syntax:
grant execute on TYPE::dbo.tableType to role_or_user
0
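An added example (not part of the question or the answer above) of the table-valued parameter approach from the linked article: the rows are sent as one typed parameter, so no value is ever concatenated into the SQL text. The names dbo.PersonRow, dbo.People, app_role and the column layout are hypothetical, and the classic System.Data.SqlClient provider is assumed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class TvpInsertExample
{
    // One-time setup run by an administrator (hypothetical names):
    //   CREATE TYPE dbo.PersonRow AS TABLE
    //       (Name nvarchar(100) NOT NULL, Email nvarchar(256) NOT NULL);
    //   GRANT EXECUTE ON TYPE::dbo.PersonRow TO app_role;
    // The SQL text is a constant; only the parameter carries user data.
    const string InsertSql =
        "INSERT INTO dbo.People (Name, Email) SELECT Name, Email FROM @rows;";

    static DataTable BuildRows()
    {
        // Columns are matched to the table type by position, so keep the same order.
        var table = new DataTable();
        table.Columns.Add("Name", typeof(string));
        table.Columns.Add("Email", typeof(string));
        // Constructed sample input; the second row contains SQL metacharacters.
        table.Rows.Add("Alice", "alice@example.com");
        table.Rows.Add("O'Brien'); --", "obrien@example.com");
        return table;
    }

    static int InsertRows(string connectionString, DataTable rows)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            // The whole row set travels as one structured parameter and is
            // stored as literal data, whatever characters it contains.
            SqlParameter p = cmd.Parameters.Add("@rows", SqlDbType.Structured);
            p.TypeName = "dbo.PersonRow";
            p.Value = rows;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    static void Main(string[] args)
    {
        // args[0]: connection string for a test database (assumption).
        int inserted = InsertRows(args[0], BuildRows());
        Console.WriteLine(inserted + " rows inserted");
    }
}
```

Without the GRANT EXECUTE ON TYPE statement, a login that is not the owner of the type gets a permission error when it passes the parameter.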