feelblue87 wrote: Request Method: GET
You've issued a GET request instead of a PUT request. The error is with your code to call the API, which you haven't shown.
Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
string SQLCommand = "UPDATE [dbo].[M_EMP_MASTER] ";
SQLCommand = SQLCommand + "SET ";
SQLCommand = SQLCommand + "[EMP_GENDER] = '" + TempValue + "' ";
SQLCommand = SQLCommand + "WHERE [EMP_CODE] = '" + _EmpCode + "'";
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
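public void PutEmployeeGenderEmpCode(string _EmpCode)
{
    const string SQLCommand = "UPDATE [dbo].[M_EMP_MASTER] SET [EMP_GENDER] = @EmpGender WHERE [EMP_CODE] = @EmpCode";
    string TempValue = "1";
    using (var conn = new SqlConnection(ConnectionString))
    using (var cmd2 = new SqlCommand(SQLCommand, conn))
    {
        cmd2.Parameters.AddWithValue("@EmpGender", TempValue); // bound as data, never parsed as SQL
        cmd2.Parameters.AddWithValue("@EmpCode", _EmpCode);
        conn.Open();
        cmd2.ExecuteNonQuery();
    }
}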
"These people looked deep within my soul and assigned me a number based on the order in which I joined."