We've seen a couple of questions, posts, etc. about how to avoid SQL Injection attacks when using APIs that accept a raw SQL string. All our APIs have the same parameterized SQL capabilities as the equivalent System.Data APIs but we should add some docs to make this clearer.