I have the below code:
string cmdText="select * from [TestTable] where [TestColumn]=@testparam";
var cmd = new SqlCommand(cmdText);
cmd.Parameters.AddWithValue("@testparam", "hello");
Is there a way to get the SQL statements being sent to the database engine? I am using SAP B1 DI API, which has a Recordset object that takes the SQL string as a parameter. I could have used escaped values for parameters to prevent SQL injection. Also, please let me know if it is possible with some other external library or if I need to escape the parameter values manually.
If you're using SQL Server, I think SQL Server Profiler is your solution.
Using this tool, you're able to listen to every query and action that could be invoked by your C# code. In this way, you'll be able to understand which statements are sent to the RDBMS engine.
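
Added example, not from the original post or from SAP: Profiler shows a parameterized SqlCommand arriving as an sp_executesql call, and the same form can be built as a single string for an API that accepts only SQL text. It assumes a Microsoft SQL Server backend and that the text-only API accepts an EXEC statement; TsqlText, Literal and ExecuteSql are hypothetical names.

```csharp
using System;
using System.Globalization;

// Added example: builds one T-SQL string for an API that accepts only text.
static class TsqlText
{
    // Render a value as a T-SQL literal. Only whitelisted types are accepted,
    // so an unexpected object can never be concatenated in via ToString().
    public static string Literal(object value)
    {
        switch (value)
        {
            case null:
                return "NULL";
            case string s:
                // Inside N'...' the only character that can end the literal
                // is the single quote, so it is doubled.
                return "N'" + s.Replace("'", "''") + "'";
            case int i:
                return i.ToString(CultureInfo.InvariantCulture);
            case long l:
                return l.ToString(CultureInfo.InvariantCulture);
            default:
                throw new ArgumentException("Unsupported parameter type: " + value.GetType());
        }
    }

    // Wrap a fixed statement in sp_executesql so the value is still bound as a
    // parameter on the server. paramName and paramType must be developer-supplied
    // constants (assumption), never user input.
    public static string ExecuteSql(string statement, string paramName, string paramType, object value)
    {
        return "EXEC sp_executesql " + Literal(statement)
             + ", " + Literal(paramName + " " + paramType)
             + ", " + paramName + " = " + Literal(value);
    }
}

static class Program
{
    static void Main()
    {
        string cmdText = "select * from [TestTable] where [TestColumn]=@testparam";
        string input = "O'Brien"; // constructed sample value containing a quote
        Console.WriteLine(TsqlText.ExecuteSql(cmdText, "@testparam", "nvarchar(4000)", input));
    }
}
```

The statement text stays constant and only the final literal carries the value, which keeps the escaping in one place that can be reviewed and tested.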