Is it possible to use SQL injection code while invoking DataTable.Select? How can I restrict such a vulnerability or get rid of it altogether?

A: 

Even though I don't know the DataTable.Select-Statement, I would say:

Whether there is a possibility of an SQL injection always depends on whether there is user-generated input involved in what you pass to DataTable.Select.

If there is, you have to make sure to escape it properly, or in the case of integer values, it's also fine to make sure they are of integer type and don't contain text.

JochenJung
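
An added example, not part of the original answer: DataTable.Select evaluates its filter string in memory against the table rather than sending it to a database, but concatenated user input can still change the filter's logic. The C# sketch below shows the escaping and integer validation the answer describes; the table, its columns and the helper names `QuoteLiteral` and `IntLiteral` are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Globalization;

static class FilterDemo
{
    // String input: the filter syntax delimits string literals with single
    // quotes and escapes an embedded quote by doubling it.
    static string QuoteLiteral(string value) => "'" + value.Replace("'", "''") + "'";

    // Integer input: parse it first, then emit the parsed number, never the raw text.
    static string IntLiteral(string value)
    {
        if (!int.TryParse(value, NumberStyles.AllowLeadingSign,
                          CultureInfo.InvariantCulture, out int n))
            throw new ArgumentException("not an integer", nameof(value));
        return n.ToString(CultureInfo.InvariantCulture);
    }

    static void Main()
    {
        // Constructed sample data.
        var table = new DataTable("Docs");
        table.Columns.Add("Id", typeof(int));
        table.Columns.Add("Owner", typeof(string));
        table.Rows.Add(1, "alice");
        table.Rows.Add(2, "bob");
        table.Rows.Add(3, "o'neil");

        string input = "x' OR Owner <> 'x";   // constructed input containing a quote

        // Concatenated: the quote ends the literal early and the rest of the
        // input becomes a second condition, so the filter no longer restricts rows.
        DataRow[] unescaped = table.Select("Owner = '" + input + "'");

        // Escaped: the whole input is compared as a single string value.
        DataRow[] escaped = table.Select("Owner = " + QuoteLiteral(input));

        // A legitimate value with a quote in it still works once escaped.
        DataRow[] oneil = table.Select("Owner = " + QuoteLiteral("o'neil"));

        // Numeric column: only a validated integer reaches the filter.
        DataRow[] byId = table.Select("Id = " + IntLiteral("2"));

        Console.WriteLine($"unescaped={unescaped.Length} escaped={escaped.Length} " +
                          $"oneil={oneil.Length} byId={byId.Length}");

        try { IntLiteral("2 OR 1=1"); }
        catch (ArgumentException) { Console.WriteLine("non-integer input rejected"); }
    }
}
```

Values used in a `LIKE` pattern need further escaping, because `*`, `%` and square brackets are wildcard syntax there and must themselves be wrapped in brackets.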