Advanced Data Access with ADO.NET and Oracle

By way of Sam:

MSDN has published a new article by Bill Hamiliton Advanced Data Access with ADO.NET and Oracle on using ADO.NET 1.1 to retrieve data from complex Oracle data types.

While the article is good in showing you various advanced techniques, I have a general question. Does anyone else notice most of the examples, in the way the SQL command text is written, are vulnerable to SQL Injection (yes, it can be done with Oracle too!)?

Learn the techniques, but still practice secure, safe coding!

Published Wednesday, August 11, 2004 7:59 AM by RHurlbut

Filed under: ADO.NET, .NET, Security, Database Development

Comments

Wednesday, August 11, 2004 9:42 AM by Kevin Hegg

# re: Advanced Data Access with ADO.NET and Oracle

This has been a long-standing complaint of mine about Microsoft samples. Often, they demonstrate poor programming practices, security and otherwise. Since many novice developers copy and paste from Microsoft samples without thinking, the Microsoft samples are a never-ending supply of fuel that gets added to the fire.

Robert Hurlbut's .NET Blog

This Blog

Syndication

Search

Navigation

.Company / Other Sites / Other Blogs

.NET Links

.NET Local Boston Events

.NET User Groups in New England

Blogs - .NET

Blogs - Agile

Blogs - Architecture

Blogs - CLR

Blogs - Security

Blogs - SQL Server

Blogs - System.Transactions

Enterprise Services (COM+) Resources

Indigo Resources

Microsoft Security Resources

Presentation resources

Recommended Books

Rotor Resources

Security Resources

Tags

Recent Posts

Archives