You are reviewing the following code, which executes a command based on the user input entered into a TextBox control:

SqlConnection conn = new SqlConnection("Persist Security Info=False;"+
"Integrated Security=SSPI;database=northwind;server=dataServer");
string commandText = string.Format("SELECT * FROM Customers WHERE LastName='{0}'",
txtBoxLastName.Text);
SqlCommand cmd = new SqlCommand(commandText, conn);

You must make recommendations to improve security.

What should you do?

 Posted by Rajkatie on 8/31/2012 | Category: ADO.NET Interview questions | Views: 1808 | Points: 40
Select from following answers:
  1. Build SqlCommand using parameters.
  2. Build SqlConnection with a SqlConnectionStringBuilder.
  3. Set Integrated Security to False.
  4. All Above

Show Correct Answer


Source: MeasureUp.com | | Alert Moderator 

Comments or Responses

Login to post response