Mid ADO.NET

Avoiding string concatenation when building SQL queries.

Example of preventing SQL injection:

SqlCommand command = new SqlCommand("SELECT * FROM Customers WHERE CustomerName = @CustomerName", connection);
command.Parameters.AddWithValue("@CustomerName", customerName); // Use parameterized query
