Some comments about your reply.
- Please use some coding guidelines. I published some under the Code Project article "Minimalist Coding Guidelines". The areas that I think you should read are "Edge Detection" under "Indentation" and "Identifier Spelling".
- Limit the length of your lines. Your declaration of spChange is more than 400 characters long. That is too long for anyone to comprehend. See my example below.
- Don't use names that conflict with those already in the global namespace. See "Identifier Spelling" in "Minimalist Coding Guidelines". By so doing, "global::System.String" can be replaced by "string" and "global::System.Byte" by "byte", making your code more compact.
- Don't use abbreviations even if to you their meanings are apparent. I am referring to "nam" and "usr" for which I see no advantage (other than obfuscation). If you are going to use abbreviations, follow the rules in "Minimalist Coding Guidelines".
- When you supply code to Code Project, you do not need to supply every line. If a construct repeats, just show one or two followed by ellipses (I use two commented colons). That way the reader does not have to go through each line.

public int spChange ( string action,
                      string id,
                      string final_code,
                      string name,
                      string telephone,
                      string email,
                      byte [ ] picture,
                      string group34,
                      string field21,
                      string field22,
                      string field25,
                      string fileId,
                      string user )
    {
    ObjectParameter action_parameter;
    if ( action != null )
        {
        action_parameter = new ObjectParameter ( "Action",
                                                 action );
        }
    else
        {
        action_parameter = new ObjectParameter (
                                    "Action",
                                    typeof ( string ) );
        }
    ObjectParameter id_parameter;
    if ( id != null )
        {
        id_parameter = new ObjectParameter ( "Id", id );
        }
    else
        {
        id_parameter = new ObjectParameter (
                                    "Id",
                                    typeof ( string ) );
        }
    }

I see no reason to be concerned with SQL injection. Your stored procedure interface seems secure.