I have someone telling me that SQL calls are more secure if you have the code in your aspx page and retrieve/pass the variables in the code-behind, while I believe it is more secure to have your SQL calls in the C# page and parameterized.

Does anyone have an opinion that I can use to argue my case, or am I wrong?

