Welcome › Forums › General PowerShell Q&A › SQL Injection prevent
I have problem with my powershell script because I can’t prevent from sqli.
I don’t know how use parameters or what can I do.
I have function to connect to DB
`select * from aaa where b=’$var1′ and c=’$var2′
$result = Get-ODBC-Data -query $query`
Can you please elaborate on the issue? And are you seeing any error there?
I can put something like this
' or 1 ='1'; update HereIsUpdateQuery '--
into var1 and this update is making od DB.
I found it but it doesn’t work
"UPDATE Products SET Id='1' WHERE Id = @myId"
of course I set my select instead of update from this example and change “myId” with @aaa