Query parametrization is the only way of preventing SQL injections into the database.
By using of parameters we can avoid SQL injection. If we don't use parameters , intruders will inject hursh content to destory or capture your database like this . SELECT * FROM tbllogin WHERE UserId = 6 OR 1=1; SELECT * FROM tbllogin; DROP TABLE tbllogin
Login in to like
Login in to comment