Edit: errr, nevermind. I read your posts further down.
Well to be fair, the article isn't claiming that parameterized queries will make all your DB transactions secure, just that they will prevent injection attacks. Which is true isn't it?
Unless you have dynamic code generation in your sql, parameterized queries make injection attacks impossible, don't they?
Well to be fair, the article isn't claiming that parameterized queries will make all your DB transactions secure, just that they will prevent injection attacks. Which is true isn't it?
Unless you have dynamic code generation in your sql, parameterized queries make injection attacks impossible, don't they?