Difference between sp_executesql and EXEC() in SQL Server
EXEC() - executes the SQL string that is passed to it.
sp_executesql - The first parameter is a parameterized SQL statement. The second parameter is a parameter-list declaration, similar to the parameter list present in the declaration of a stored procedure.
If a malicious user enters a SQL injection value such as ' or '1'='1, EXEC() executes the malicious code, but sp_executesql searches for the value ' or '1'='1 as a product name in the database, thus preventing SQL injection attacks.
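The difference described above, shown side by side as an added example (not code from the original post). The temp table #Products, its columns and the variable names are assumptions made for illustration, and the rows are constructed sample data.

```sql
-- Constructed sample data; table and column names are assumptions.
CREATE TABLE #Products (
    ProductId   int           NOT NULL PRIMARY KEY,
    ProductName nvarchar(100) NOT NULL
);
INSERT INTO #Products (ProductId, ProductName)
VALUES (1, N'Widget'), (2, N'Gadget'), (3, N'Gizmo');

-- The value from the post, as it would arrive from the user: ' or '1'='1
DECLARE @input nvarchar(100) = N''' or ''1''=''1';

-- EXEC(): the input is concatenated into the statement text.
-- The leading quote in @input closes the string literal, so the predicate
-- becomes  ProductName = '' or '1'='1'  and is evaluated as SQL code.
DECLARE @unsafe nvarchar(max) =
    N'SELECT ProductId, ProductName FROM #Products WHERE ProductName = '''
    + @input + N'''';
PRINT @unsafe;   -- shows the statement text the server will actually run
EXEC (@unsafe);

-- sp_executesql: the statement text is constant and contains only the
-- placeholder @name. The second argument declares the parameter, and the
-- value is bound separately, so it is compared as data and never parsed.
EXEC sys.sp_executesql
    N'SELECT ProductId, ProductName FROM #Products WHERE ProductName = @name',
    N'@name nvarchar(100)',
    @name = @input;

DROP TABLE #Products;
```

sp_executesql only gives this protection when the value travels through the parameter list; concatenating user input into its first argument is as injectable as EXEC().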