Need help inserting parameter with additional strings
Aug 03, 2019 11:55 AM|Matt99
How can I insert the parameter plus additional string into TSQL
Dim query As String = "INSERT INTO Rep_Links(Module_Code, Rep_Code, Rep_Name, Rep_Web_Link) " &
"VALUES (@Module_Code, (SELECT TOP 1 [Module_Code] + replicate('0', 3 - len(MAX(CAST(RIGHT([Rep_Code],3) AS INT)) + 1)) + CAST(MAX(CAST(RIGHT([Rep_Code],3) AS INT)) + 1 AS VARCHAR) FROM [Rep_Links] WHERE [Module_Code] = @Module_Code GROUP BY [Module_Code])," & " <A HREF="@Rep_Web_Link" target="_blank">@Rep_Name</A> "
The issue is with the line below, when I try to insert the two parameters @Rep_Web_Link and @Rep_Name into the Rep_Web_Link column.
<A HREF="@Rep_Web_Link" target="_blank">@Rep_Name</A>
I would like the record to be inserted into the Rep_Web_Link column as in the following result for example:
<A HREF="http://sample.com" target="_blank">sample page</A>
Re: Need help inserting parameter with additional strings
Aug 03, 2019 12:08 PM|Matt99
I figured out that the closing bracket was missing, plus additional changes were needed for the double quotes.
I would appreciate it if someone could tell me whether the above T-SQL statement is vulnerable to SQL injection. If so, how can I improve the SQL statement?
Thanks in advance
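Added example, not part of the original thread: one way to write this insert so that the SQL text stays constant, every value travels as a `SqlCommand` parameter, and the anchor markup is built and HTML-encoded in VB.NET before it is stored. The names `BuildAnchor` and `InsertRepLink`, the precomputed `repCode` argument (the post's sub-select for Rep_Code is left out) and the http/https-only rule are assumptions of this example.

```vbnet
Imports System
Imports System.Data.SqlClient
Imports System.Net

Module RepLinkExample
    ' Builds the anchor in application code. Only absolute http/https links are
    ' accepted and both values are HTML-encoded, so the stored markup cannot
    ' break out of the HREF attribute or the link text when it is rendered.
    Function BuildAnchor(url As String, name As String) As String
        Dim parsed As Uri = Nothing
        If Not Uri.TryCreate(url, UriKind.Absolute, parsed) OrElse
           (parsed.Scheme <> Uri.UriSchemeHttp AndAlso parsed.Scheme <> Uri.UriSchemeHttps) Then
            Throw New ArgumentException("Only absolute http/https links are accepted.", "url")
        End If
        Return "<A HREF=""" & WebUtility.HtmlEncode(parsed.AbsoluteUri) &
               """ target=""_blank"">" & WebUtility.HtmlEncode(name) & "</A>"
    End Function

    ' Assumption: repCode is computed beforehand; the post's sub-select is omitted.
    Sub InsertRepLink(connectionString As String, moduleCode As String,
                      repCode As String, repName As String, repWebLink As String)
        ' Constant SQL text: no user input is concatenated into it. A @name placed
        ' inside a quoted T-SQL literal would be stored as literal text, so the
        ' finished anchor is sent as the value of a single parameter.
        Const query As String =
            "INSERT INTO Rep_Links (Module_Code, Rep_Code, Rep_Name, Rep_Web_Link) " &
            "VALUES (@Module_Code, @Rep_Code, @Rep_Name, @Rep_Web_Link)"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(query, conn)
                cmd.Parameters.AddWithValue("@Module_Code", moduleCode)
                cmd.Parameters.AddWithValue("@Rep_Code", repCode)
                cmd.Parameters.AddWithValue("@Rep_Name", repName)
                cmd.Parameters.AddWithValue("@Rep_Web_Link", BuildAnchor(repWebLink, repName))
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    Sub Main()
        ' Constructed sample inputs; the second name contains markup characters.
        Console.WriteLine(BuildAnchor("http://sample.com", "sample page"))
        Console.WriteLine(BuildAnchor("http://sample.com", "R&D ""weekly"" <draft>"))
    End Sub
End Module
```

Parameter values are sent separately from the statement text, so they cannot change the structure of the SQL; the HTML encoding addresses the separate risk of the stored markup being rendered in a page later.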