I have the below code. Before doing the
dataAdapter.Update(dataset, " TableX ");
I add some rows to the datatable which have some columns nvarchar. Does this prone to Sql Injection
ds.tables[0].Rows["TableX"] = MALICIOUS SQL INJECTION ATTEMPT;
say this is where the end user could slip malicious string he wanted
into
What I have tried:
using (var dataAdapter = new SqlDataAdapter(selectCommand))
using (var cmdBuilder = new SqlCommandBuilder(dataAdapter))
{
cmdBuilder.ConflictOption = ConflictOption.OverwriteChanges;
using (var dataset = new DataSet())
{
var stopwatch = new Stopwatch();
dataAdapter.UpdateBatchSize = 0;
dataAdapter.AcceptChangesDuringFill = false;
dataAdapter.AcceptChangesDuringUpdate = false;
stopwatch.Start();
dataAdapter.Fill(dataset, "TableX");
newrow contains some columns of type navrchar
ds.Tables["TableX"].Rows.Add(newRow);
dataset.AcceptChanges();
dataAdapter.Update(dataset, " TableX ");
}
}