I am working on a form that needs to collect data such as: user name, e-mail address, and comments.
The entries are stored in the database. I am wondering what will happen if a SQL query like this is executed:
DROP mySQLtable
in the comments section.
@UserName,
@E-mailAddress,
@Comments
INSERT INTO mySQLtable (UserName, E-mailAddress, Comments) VALUES
(@UserName, @E-mailAddress, @Comments)
More specifically - is there any risk of a SQL injection?
Thx
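The scenario asked about above, as an added example that is not part of the original post: the same INSERT run once with bound parameters and once with the values concatenated into the SQL text. It assumes SQLite through Python's sqlite3 module as a stand-in for the poster's database, a column named EmailAddress (a hyphen is not valid in an unquoted identifier), and hypothetical helper names.

```python
import sqlite3

# Constructed sample input: SQL text typed into the comments field.
HOSTILE_COMMENT = "nice'); DROP TABLE mySQLtable; --"

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mySQLtable "
               "(UserName TEXT, EmailAddress TEXT, Comments TEXT)")
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type='table' AND name='mySQLtable'").fetchone()
    return row[0] == 1

def insert_parameterized(db, user, email, comments):
    # Values are bound separately from the statement text, so the
    # database treats them as data and never parses them as SQL.
    db.execute(
        "INSERT INTO mySQLtable (UserName, EmailAddress, Comments) "
        "VALUES (:UserName, :EmailAddress, :Comments)",
        {"UserName": user, "EmailAddress": email, "Comments": comments},
    )
    db.commit()

def insert_concatenated(db, user, email, comments):
    # Deliberately unsafe "before" form: input is spliced into the SQL
    # text, so a quote in the input ends the string literal early.
    sql = ("INSERT INTO mySQLtable (UserName, EmailAddress, Comments) "
           f"VALUES ('{user}', '{email}', '{comments}')")
    db.executescript(sql)  # executescript accepts several statements

def demo():
    safe, unsafe = new_db(), new_db()
    insert_parameterized(safe, "bob", "bob@example.com", HOSTILE_COMMENT)
    insert_concatenated(unsafe, "bob", "bob@example.com", HOSTILE_COMMENT)
    stored = safe.execute("SELECT Comments FROM mySQLtable").fetchone()[0]
    # (table survives with parameters, text stored verbatim,
    #  table survives with concatenation)
    return table_exists(safe), stored, table_exists(unsafe)

if __name__ == "__main__":
    print(demo())
```

Bound parameters protect only as long as the statement that receives them is fixed text; a procedure that builds a SQL string from @Comments and executes it has the same exposure as the concatenated version.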