I have the following code:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public DataTable PesquisarPorNome(string NomePesquisado)
{
    try
    {
        DataTable tabela = new DataTable();
        // The search term is concatenated straight into the SQL text (the SQL injection the question is about).
        SqlDataAdapter adaptador = new SqlDataAdapter(
            "SELECT * FROM tbEspecialidades WHERE NomeEspecialidade LIKE '%" + NomePesquisado + "%' ",
            conexao.StringConexao);
        adaptador.Fill(tabela);
        return tabela;
    }
    catch (Exception ex)
    {
        throw new Exception(ex.Message);
    }
    finally
    {
        conexao.DesconectarDoBanco();
    }
}
```
I know that if I make this available, the cow goes to the swamp, because SQL Injection is there for this, but how do I use parameters? Thank you
Which database are you using?
– Marco Souza
Sorry, I wasn't receiving notifications. I'm using SQL.
– Antonio Marcos Sisoto
Antonio, the Structured Query Language (SQL) is a language to query databases.
– Marco Souza
Ok, I don't know if I understood your question. I'm using MSSQL. I know that SQL is a language, which we often confuse with MSSQL, which is the DBMS.
– Antonio Marcos Sisoto
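The parameterized version of the query above, written as an added example rather than code from the question; it assumes the connection string is passed in (the original read it from `conexao.StringConexao`), that `NomeEspecialidade` is an `nvarchar` of at most 200 characters, and that the caller can dispose the connection itself instead of calling `DesconectarDoBanco()`. The point beyond "use `@parameter`" is that `%` and `_` typed by the user still act as LIKE wildcards even through a parameter, so the search term is escaped with an `ESCAPE` clause.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class EspecialidadeRepositorio
{
    // Assumed: the same connection string the original code reads from conexao.StringConexao.
    private readonly string _stringConexao;

    public EspecialidadeRepositorio(string stringConexao)
    {
        _stringConexao = stringConexao;
    }

    public DataTable PesquisarPorNome(string nomePesquisado)
    {
        // The SQL text is a constant: user input never becomes part of it.
        // ESCAPE '\' lets a literal % or _ typed by the user be matched as text
        // instead of being interpreted as a LIKE wildcard.
        const string sql =
            "SELECT * FROM tbEspecialidades " +
            "WHERE NomeEspecialidade LIKE @padrao ESCAPE '\\'";

        var tabela = new DataTable();

        using (var conexao = new SqlConnection(_stringConexao))
        using (var comando = new SqlCommand(sql, conexao))
        {
            // The wildcards are added to the parameter VALUE, not to the SQL string.
            string padrao = "%" + EscaparCuringasLike(nomePesquisado ?? string.Empty) + "%";
            // Assumed column length: 200 characters; typing the parameter avoids implicit conversions.
            comando.Parameters.Add("@padrao", SqlDbType.NVarChar, 200).Value = padrao;

            using (var adaptador = new SqlDataAdapter(comando))
            {
                adaptador.Fill(tabela); // Fill opens the connection and closes it again when done
            }
        }
        return tabela;
    }

    // Escapes the characters LIKE treats specially, using '\' as declared in the ESCAPE clause.
    internal static string EscaparCuringasLike(string texto)
    {
        return texto.Replace("\\", "\\\\")
                    .Replace("%", "\\%")
                    .Replace("_", "\\_")
                    .Replace("[", "\\[");
    }
}
```

With this shape a value such as `' OR 1=1 --` is just a string compared against the column, and `50%` searches for the literal text "50%" rather than "50" followed by anything.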