Hi,
I have a query below and would like to know what the best online tools are, if there are any. Or can we tell, by looking at the specific code below, how to prevent SQL injection from happening in it:
/// <summary>
/// Calls the stored procedure <c>p_UpdateIETMPSRates</c> with the four supplied values
/// and reports whether the call completed without throwing.
/// </summary>
/// <remarks>
/// Every caller-supplied value is bound as a typed <see cref="SqlParameter"/> and the command
/// is issued as <see cref="CommandType.StoredProcedure"/>; nothing is concatenated into command
/// text in this method.
/// NOTE(review): the body of p_UpdateIETMPSRates is not visible here. If it builds dynamic SQL
/// from @TrainingPath, injection would still be possible inside the procedure. Confirm.
/// </remarks>
/// <param name="nVersionID">Bound to <c>@VersionID</c> as <see cref="SqlDbType.Int"/>.</param>
/// <param name="strTrainingPath">Bound to <c>@TrainingPath</c> as <see cref="SqlDbType.Char"/> with size 2.</param>
/// <param name="nSoldierRate">Bound to <c>@SoldierRate</c> as <see cref="SqlDbType.Int"/> with size 4.</param>
/// <param name="bBaseTable">Bound to <c>@BaseTable</c> as <see cref="SqlDbType.Bit"/>.</param>
/// <returns><c>true</c> when the procedure call returns normally; <c>false</c> when any exception is caught.</returns>
public bool UpdateIETMPSRates(int nVersionID, string strTrainingPath, int nSoldierRate, bool bBaseTable)
{
    const string procedureName = "p_UpdateIETMPSRates";

    try
    {
        string connectionString = base.GetIETConnectionString();

        SqlParameter versionParam = new SqlParameter("@VersionID", SqlDbType.Int);
        versionParam.Value = nVersionID;

        // Declared as Char(2); presumably a longer string is truncated by the provider
        // rather than rejected - TODO confirm, and validate the length at the caller.
        SqlParameter trainingPathParam = new SqlParameter("@TrainingPath", SqlDbType.Char, 2);
        trainingPathParam.Value = strTrainingPath;

        SqlParameter soldierRateParam = new SqlParameter("@SoldierRate", SqlDbType.Int, 4);
        soldierRateParam.Value = nSoldierRate;

        SqlParameter baseTableParam = new SqlParameter("@BaseTable", SqlDbType.Bit);
        baseTableParam.Value = bBaseTable;

        SqlParameter[] procedureArguments = new SqlParameter[]
        {
            versionParam,
            trainingPathParam,
            soldierRateParam,
            baseTableParam
        };

        // NOTE(review): if this maps onto SqlCommand.CommandTimeout, 0 means "wait indefinitely",
        // and the setting appears to be shared by every SqlHelper caller - confirm both.
        SqlHelper.CommandTimeout = 0;
        SqlHelper.ExecuteNonQuery(connectionString, CommandType.StoredProcedure, procedureName, procedureArguments);

        return true;
    }
    catch (Exception caught)
    {
        // Failures are not rethrown: the exception is handed to ExceptionManager and the
        // caller only sees the false return value.
        ExceptionManager.Publish(caught);
        return false;
    }
}