Hello everyone,
I'm pretty new to using ADO.NET for connecting to a database, but I'm totally new to making my queries SQL injection proof. I'm using it like this:
using System.Data.OleDb;

OleDbConnection dbcon = new OleDbConnection();
OleDbDataReader dr;
dbcon.ConnectionString = "...connection string setup";
// OleDb only supports positional '?' markers; the name passed to AddWithValue
// is ignored, so parameters must be added in the order the markers appear.
OleDbCommand dbc = new OleDbCommand("SELECT * FROM test WHERE id = ?", dbcon);
dbc.Parameters.AddWithValue("@id", id);
dbcon.Open();
dr = dbc.ExecuteReader();
while (dr.Read())
{
    ...code here
}
but I don't know exactly in which situations you need to do this:
1. All the queries, such as insert, select, update, delete.
2. Only queries which require user input, from textboxes for example.
And before I used the parameters I could see the literal input when I was debugging my code by watching dbc.CommandText, but now it's just filled with the placeholders like @id etc.
Is there any way I can see the literal query with the real values?
Thanks in advance.
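An added example, not code from the original post, addressing the last question: a small debugging helper that renders a parameterised OleDb command as the literal SQL it stands for, so the real values can be inspected in a log or the debugger. The rendered string is for display only; the command itself is still executed with parameters, which is what keeps user input from being interpreted as SQL. The helper name `CommandDebug.Render` and the sample values are assumptions made for the example.

```csharp
// Added example (not from the original post): show the literal SQL a
// parameterised command corresponds to, for debugging/log output only.
// The real command is still sent with parameters; never execute this text.
using System;
using System.Data.Common;
using System.Data.OleDb;
using System.Globalization;
using System.Text;

static class CommandDebug
{
    // OleDb uses positional '?' markers and applies parameters in the order
    // they were added, so we substitute them in that same order.
    public static string Render(DbCommand cmd)
    {
        var sb = new StringBuilder();
        int next = 0;
        foreach (char c in cmd.CommandText)
        {
            if (c == '?' && next < cmd.Parameters.Count)
                sb.Append(Literal(cmd.Parameters[next++].Value));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Format a .NET value the way it would appear as a SQL literal.
    static string Literal(object v)
    {
        if (v == null || v == DBNull.Value) return "NULL";
        if (v is string s) return "'" + s.Replace("'", "''") + "'";
        if (v is DateTime d) return "'" + d.ToString("yyyy-MM-dd HH:mm:ss") + "'";
        if (v is bool b) return b ? "1" : "0";
        return Convert.ToString(v, CultureInfo.InvariantCulture);
    }

    static void Main()
    {
        // Constructed sample command; no connection is opened, so it runs offline.
        var dbc = new OleDbCommand("SELECT * FROM test WHERE id = ? AND name = ?");
        dbc.Parameters.AddWithValue("@id", 42);
        // A quote in user input is just data here; the renderer shows it doubled.
        dbc.Parameters.AddWithValue("@name", "O'Brien");
        Console.WriteLine(Render(dbc));
    }
}
```

Because the parameter values never become part of CommandText, this rendering is only an approximation of what the provider sends; for the exact statements received by the server, use the database's own tracing (for example SQL Server Profiler) rather than the client-side string.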