I am trying to write Influx queries and to prevent SQL injection using bind parameters. The Influx documentation talks about cURL commands here, and I saw a GitHub issue relating to their Java client here.
Could someone please help me with SQL injection prevention using the C# Influx client with multiple WHERE clauses?
My query:
SELECT * FROM "retentionPolicy.SystemGuid" WHERE time >= "startTime" AND time <= "endTime" AND Quality = "good"
To avoid SQL injection you should be using parameterized queries.
How to do that?
You shouldn't pass the query as a string containing the values; you should pass the query as a string containing placeholders, and the values for those placeholders separately.
Example:
using System.Data.SqlClient;

using (SqlConnection conn = new SqlConnection(DatabaseConnectionString))
using (SqlCommand cmd = conn.CreateCommand())
{
    conn.Open();
    // The text carries only placeholders; the values are sent separately and are never parsed as SQL.
    cmd.CommandText = "SELECT * FROM Users WHERE UserName = @UserName AND Password = @Password";
    cmd.Parameters.AddWithValue("@UserName", txtBoxUserName.Text);
    cmd.Parameters.AddWithValue("@Password", txtBoxPassword.Text);
    // A SELECT returns rows, so read them with ExecuteReader (ExecuteNonQuery would discard them).
    using (SqlDataReader reader = cmd.ExecuteReader())
    {
        while (reader.Read())
        {
            // consume the row
        }
    }
}
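The same idea applied to the asker's InfluxDB query, as an added example that is not code from the question or the answer. InfluxDB 1.x accepts bind parameters on the `/query` endpoint as `$name` placeholders in the query text plus a `params` form field holding a JSON object of values (the cURL form the question refers to); this example talks to that endpoint with `HttpClient` directly rather than through a client library, because the C# client's API for this is not shown on the page. The server URL, the database name `telemetry`, and the fully-qualified measurement `"retentionPolicy"."SystemGuid"` are assumptions. One caveat a practitioner should keep in mind: bind parameters substitute values only, never identifiers, so the measurement name cannot be a placeholder and is taken from an allowlist instead.

```csharp
// Added example (not from the question or the answer): InfluxDB 1.x bind parameters
// over the HTTP API. Assumed: an InfluxDB 1.x server at influxUrl, database "telemetry",
// measurement "SystemGuid" under retention policy "retentionPolicy".
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public static class InfluxBoundQuery
{
    // Placeholders bind values, not identifiers, so measurement names must come
    // from a fixed allowlist rather than from user input.
    private static readonly HashSet<string> AllowedMeasurements =
        new HashSet<string> { "SystemGuid" };

    // Builds the three request fields: db, q (query text with $placeholders only)
    // and params (the values, as JSON). No user-controlled text is concatenated into q,
    // so a value can never change the shape of the statement.
    public static Dictionary<string, string> BuildRequestFields(
        string measurement, DateTimeOffset startTime, DateTimeOffset endTime, string quality)
    {
        if (!AllowedMeasurements.Contains(measurement))
            throw new ArgumentException("Unknown measurement", nameof(measurement));

        string query =
            $"SELECT * FROM \"retentionPolicy\".\"{measurement}\" " +
            "WHERE time >= $startTime AND time <= $endTime AND \"Quality\" = $quality";

        // Times are bound as nanosecond epoch integers; Quality is bound as a string value.
        var values = new Dictionary<string, object>
        {
            ["startTime"] = ToUnixNanos(startTime),
            ["endTime"] = ToUnixNanos(endTime),
            ["quality"] = quality
        };

        return new Dictionary<string, string>
        {
            ["db"] = "telemetry",
            ["q"] = query,
            ["params"] = JsonSerializer.Serialize(values)
        };
    }

    // One DateTimeOffset tick is 100 ns.
    private static long ToUnixNanos(DateTimeOffset t) =>
        (t.UtcTicks - DateTimeOffset.UnixEpoch.UtcTicks) * 100;

    // Mirrors the documented cURL form: GET /query?db=...&q=...&params=..., each field URL-encoded.
    public static Uri BuildRequestUri(Uri influxUrl, Dictionary<string, string> fields)
    {
        string baseUrl = influxUrl.ToString().TrimEnd('/');
        string url = baseUrl + "/query"
            + "?db=" + Uri.EscapeDataString(fields["db"])
            + "&q=" + Uri.EscapeDataString(fields["q"])
            + "&params=" + Uri.EscapeDataString(fields["params"]);
        return new Uri(url);
    }

    public static async Task<string> RunAsync(HttpClient client, Uri requestUri)
    {
        using (HttpResponseMessage response = await client.GetAsync(requestUri))
        {
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }

    public static async Task Main()
    {
        // Constructed sample input: a one-day window and a quality value as a user might supply it.
        var fields = BuildRequestFields(
            "SystemGuid",
            DateTimeOffset.Parse("2024-01-01T00:00:00Z"),
            DateTimeOffset.Parse("2024-01-02T00:00:00Z"),
            "good");

        // The values appear only here, as JSON, and never inside the query text.
        Console.WriteLine(fields["q"]);
        Console.WriteLine(fields["params"]);

        Uri requestUri = BuildRequestUri(new Uri("http://localhost:8086/"), fields); // assumed server
        using (var client = new HttpClient())
        {
            Console.WriteLine(await RunAsync(client, requestUri));
        }
    }
}
```

Whatever the `quality` string contains, it reaches the server as a JSON string inside `params` and is bound as a single string literal; the query text itself is a constant apart from the allowlisted measurement name.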