My query is given below:
protected void ddlProject_SelectedIndexChanged(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["SqlConn"].ToString());
string str="select * from Project_Details where IsActive=0 and Project is not NULL order by '"+ddlProject.SelectedItem.Text+"' asc";
SqlDataAdapter da = new SqlDataAdapter();
SqlCommand cmd = new SqlCommand(str, con);
//cmd.Parameters.AddWithValue("@orderby", ddlProject.SelectedItem.Text.Trim());
cmd.CommandType = CommandType.Text;
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
gvPageDetails.DataSource = ds;
gvPageDetails.DataBind();
}
}
Here I am showing the data order by table fields (Projectname, ClientName, ContractorName, ConsultantName, year, Area)selected in dropdownlist “ddlProject”.
How I will write the above Sql Query in C# to prevent SQL Injection Attack.
