Create MSSQL database from C# - using Parameters
Posted by Alon M on Stack Overflow
Published on 2012-10-01T09:35:28Z
I am trying to put together code to create a database from my C# code (ASP.NET website).
This is my code:
SqlCommand myCommand = new SqlCommand("CREATE DATABASE @dbname", nn);
myCommand.Parameters.Add("dbname", dbname);
myCommand.ExecuteNonQuery();
nn.Close();
Well, it's not working. It's giving me an error, this one: Incorrect syntax near '@dbname'.
BUT, if I don't use parameters, people can SQL-inject my database. Do you have any idea how I can use anything to get the database name from a textbox, so that people can't SQL-inject my DB?
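An added example, not part of the original post: T-SQL does not accept a parameter where an identifier is expected, so one way to keep the textbox value out of the statement text is to validate it against an allowlist and let the server quote it with QUOTENAME() before executing the DDL. The class name `DatabaseCreator`, the `connectionString` argument and the naming policy in `AllowedName` are assumptions made for this sketch.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class DatabaseCreator
{
    // Assumed naming policy: starts with a letter or underscore, then letters,
    // digits or underscores, at most 64 characters. \A and \z anchor the whole
    // string, so a trailing newline cannot slip past the way it can with $.
    private static readonly Regex AllowedName =
        new Regex(@"\A[A-Za-z_][A-Za-z0-9_]{0,63}\z", RegexOptions.CultureInvariant);

    public static void CreateDatabase(string connectionString, string dbname)
    {
        // First layer: reject anything outside the allowlist before touching SQL.
        if (dbname == null || !AllowedName.IsMatch(dbname))
            throw new ArgumentException("Database name is not in the allowed format.", "dbname");

        // Second layer: the name is sent as a real parameter. QUOTENAME() wraps it
        // in [ ] and doubles any ], so it can only be parsed as one identifier.
        // The statement text itself is a constant; no user input is concatenated in C#.
        const string sql = @"
DECLARE @stmt nvarchar(300);
SET @stmt = N'CREATE DATABASE ' + QUOTENAME(@dbname);
IF @stmt IS NULL
    RAISERROR('Database name could not be quoted.', 16, 1);
ELSE
    EXEC (@stmt);";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // sysname is nvarchar(128); QUOTENAME returns NULL for longer input,
            // which the IF above turns into an error instead of a silent no-op.
            cmd.Parameters.Add("@dbname", SqlDbType.NVarChar, 128).Value = dbname;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

The login in the connection string needs the CREATE DATABASE permission for this to run; granting it only that, rather than sysadmin, limits what a mistake elsewhere in the site can reach.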
© Stack Overflow or respective owner