Comments on: SqlDependency and DateTime values

By: gerrod

gerrod — Mon, 06 Oct 2008 07:59:36 +0000

Hmm… I take your point, but I don’t necessarily agree.

1) This was for an internal application, so not only is everyone’s access logged, but I’d find it difficult to believe that someone inside the company would maliciously attack the software; but even so -

2) The date/time parameter in this instance was never supplied by a user; it was always a generated parameter (in fact, it was always “DateTime.Today”).

Still, I agree that using parameters is always the best option; it’s just that in this instance, I didn’t think it would work!

By: Ben

Ben — Mon, 06 Oct 2008 06:48:00 +0000

You should always use SqlParams and never ever approach a problem like your initial suggestion as this opens you application up to SQL Injection Attacks.

Something you want to avoid at all costs.

By: viiviiviivii

viiviiviivii — Wed, 01 Oct 2008 08:48:09 +0000

I start coding at VF on Monday (first time in 4 months), so, I thought I’d check up on what you Quick Duckers were up to!

Good to see you are still doin stuff..