Is SqlBulkCopy vulnerable to SQL Injection?

Asked Jan 27 '14 at 17:20

Active Jan 27 '14 at 17:20

Viewed 357 times

Haven't been able to find a reasonable answer for this... It would seem that SqlBulkCopy is not vulnerable to injection because the columns are matched through inner parameters of the SqlBulkCopy and not through plain string queries... But hard to tell what is actually going on behind the curtains...

If it is vulnerable, as it seems there's no way of using parameterized queries with it, what's the best safe way to cram datatables (c#) into existing tables in the db?

Thanks!

Gilad

asked Jan 27 '14 at 17:20

Gilad Barner

I've got the same question, I'd love to copy all data from my excel doc into a temp table then use that table to read back through and process business rules and then commit to final table. But I want to make sure it's secure. – Nick Benedict Aug 14 '14 at 14:54
Does this answer your question? [SqlBulkCopy and protection from SQL injection](https://stackoverflow.com/questions/30199829/sqlbulkcopy-and-protection-from-sql-injection) – Timothy G. Mar 30 '23 at 13:44

Is SqlBulkCopy vulnerable to SQL Injection?

0 Answers0