Tuesday, April 08, 2008

Know Dot Net - NET Refactor - SQL Parameters

More tools to remove dynamic SQL from applications.

Cleaning up Dynamic SQL

Using dynamic SQL is a bad habit that many developers must admit to having. Even worse, once you start to use it, you don't just use it once or twice. You use it so many times over a project that you may be ashamed to admit it. Old habits die hard! Dynamic SQL is dangerous. On the Web, it opens your site to injection attacks and hacking. In a desktop or client-server application, it opens the door to the old single quote (name = O'Rielly) bug-a-boo, to which all of us, if we are honest, have fallen victim. The SQL Parameters menu option of NET Refactor, found under the SQL Refactor menu, automatically converts dynamic parameters to use the database Command.Parameters collection.
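The difference between the two styles, as an added example that is not NET Refactor's own output or code from the original page: the same lookup written as dynamic SQL and with Command.Parameters. The `Customers` table, its `LastName` column (assumed `nvarchar(50)`) and the class and method names are hypothetical; no connection is opened, so it runs without a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SqlParametersExample
{
    // Before: dynamic SQL. The caller's text becomes part of the statement itself.
    static SqlCommand BuildDynamic(string lastName)
    {
        return new SqlCommand(
            "SELECT Id, LastName FROM Customers WHERE LastName = '" + lastName + "'");
    }

    // After: the statement text is fixed; the value travels in Command.Parameters.
    static SqlCommand BuildParameterized(string lastName)
    {
        var cmd = new SqlCommand(
            "SELECT Id, LastName FROM Customers WHERE LastName = @LastName");
        // Explicit type and length (assumed column: nvarchar(50)), so the
        // provider never has to guess how to send the value.
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs: an ordinary name and the single-quote case from the text.
        foreach (string name in new[] { "Smith", "O'Rielly" })
        {
            using (SqlCommand dyn = BuildDynamic(name))
            using (SqlCommand par = BuildParameterized(name))
            {
                Console.WriteLine("input        : " + name);
                Console.WriteLine("dynamic text : " + dyn.CommandText);
                Console.WriteLine("param text   : " + par.CommandText);
                Console.WriteLine("param value  : " + par.Parameters["@LastName"].Value);
                Console.WriteLine();
            }
        }
    }
}
```

For `O'Rielly` the dynamic text contains three single quotes, so the string literal ends early and the statement no longer parses as written; the parameterized text is identical for both inputs because the name is never part of the SQL.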
