
Error image

query image

How can I fix the SQL Injection without compromising the executability of the code?

If I try to parameterize the "userId" the code crashes and gives me back the error in the image.

Thanks for your help.

  • Does this answer your question? [What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) and [SqlCommand Parameters Add vs. AddWithValue](https://stackoverflow.com/questions/21110001/sqlcommand-parameters-add-vs-addwithvalue) –  Aug 05 '21 at 09:43
  • Hey Jacopo, can you share a snapshot of the code? Then we can better help. – Steve Aug 05 '21 at 09:51
  • What are you *actually* trying to do? Why do you need to have differently named temp tables (#temp tables are local to your session only)? And why do you need a temp table at all? – Charlieface Aug 05 '21 at 12:38
  • I'm trying to create a temp table named #temp"+ userId + @". SonarCloud keeps telling me that represents a security issue. But if I try to parameterize (as SonarCloud suggests) the name of the table, the program crashes with the error I've shown before – Jacopo Santerini Aug 05 '21 at 14:07
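
An added example, not code from the original question or from any commenter: a table name is an identifier and cannot be bound as a parameter, but because a local #temp table is visible only to the session that created it, the name can be a constant and `userId` can travel as an ordinary parameter value. It assumes C# with `SqlCommand` (as in the linked question) and uses hypothetical names (`dbo.Orders`, `UserId`, `Total`, `SumForUser`), since the page does not show the real query.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;   // System.Data.SqlClient on older projects

public static class UserReport
{
    // Hypothetical query: the real table and column names are not on the page.
    public static decimal SumForUser(string connectionString, int userId)
    {
        // The temp table name is a compile-time constant. No user input is
        // concatenated into the SQL text, so there is nothing to inject into,
        // and two sessions running this at once each get their own #temp.
        const string sql = @"
CREATE TABLE #temp (OrderId int NOT NULL, Total decimal(18,2) NOT NULL);

INSERT INTO #temp (OrderId, Total)
SELECT OrderId, Total
FROM dbo.Orders
WHERE UserId = @userId;   -- bound as a value, never spliced in as SQL text

SELECT COALESCE(SUM(Total), 0) FROM #temp;

DROP TABLE #temp;";

        using var connection = new SqlConnection(connectionString);
        using var command = new SqlCommand(sql, connection);

        // Explicit type instead of AddWithValue, so the server sees an int.
        command.Parameters.Add("@userId", SqlDbType.Int).Value = userId;

        connection.Open();

        // Create, fill, read and drop all happen in this one batch, so the
        // temp table never has to outlive the command that created it.
        return Convert.ToDecimal(command.ExecuteScalar());
    }
}
```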

0 Answers