Select from following answers:- Build SqlCommand using parameters.
- Build SqlConnection with a SqlConnectionStringBuilder.
- Set Integrated Security to False.
- All Above
This code is vulnerable to SQL injection attacks. Malicious SQL clauses or statements could be concatenated to the command text. By constructing SqlCommand commands with parameters, you can prevent these attacks.
Setting the Persist Security Info connection string setting to True does not prevent a SQL injection attack.
Show Correct Answer
Source: MeasureUp.com | |
Alert Moderator