Select the one which would lead to SQL injection attack

technology testing

  1. SqlDataAdapter myCommand = new SqlDataAdapter( "SELECT CustomerName, Email, PhoneNo FROM users WHERE cust_id = '" + txtuser.Text + "'", myConnection);

  2. CREATE PROCEDURE procGetUser @custId VARCHAR(5) AS SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @custId

  3. SqlDataAdapter myDataAdapter = new SqlDataAdapter("SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @cust_id", connection); myCommand.SelectCommand.Parameters.Add("@cust_id", SqlDbType.VarChar,

  4. All the above

Show answer
Correct Option: A

Find more quizzes: