SqlBulkCopy and protection from SQL injection

sqlbulkcopy sql-server

Question

I need to insert multiple rows at the same time (1000 rows) into a SQL Server database. I think best way is to use SqlBulkCopy but I'm not sure how to parametrize insert queries to be safe from SQL injection.

Can you please help me? What is best way to perform multiple insert statements (SQL injection safe)?

Thank you.

1
5
5/12/2015 8:28:18 PM

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge

Expert Answer

The best way to insert multiple rows is by using SqlBulkCopy.

The SqlBulkCopy class is already safe from SQL Injection. So you don't have to worry about this.

3
11/21/2016 10:08:18 PM

Popular Answer

I have used this solution on multiple occassions to do multiple inserts : http://www.sqlteam.com/article/sql-server-2008-table-valued-parameters

Keep in mind that there is an issue with the SQL server security for table valued types. You need to use a wonky syntax to set them:

grant execute on TYPE::dbo.tableType to role_or_user
Jim

Related Questions

Is it feasible to use SqlBulkCopy without the db datawriter permission in SQL 2008?

The error described, following an attempt at sp_addrolemember(), is related to the current user not having the necessary privileges to alter account and security settings....With regards to running SqlBulkCopy, it requires write privileges, and the db_datawriter role is a convenient way to provide these, but maybe you can consider alternatives. Fo...
security sqlbulkcopy sql-server sql-server-2008
asked by mjv

OLEDB IRowsetFastLoad vs. Ado.Net SqlBulkCopy for SQL Bulk Data Insertion

SqlBulkCopy... is the managed equivalent of ...IRowsetFastLoad..., they should perform similarly. In the client, as a general rule, OleDB is faster than ADO.Net due to the availability of bindings, which allow for a faster transfer of data in and out the API (less memcopy required because the buffers are known ahead, fixed and pre-allocated). ADO.N...
ado.net oledb sqlbulkcopy sql-server
asked by Remus Rusanu

Need recommendations on pushing the envelope with SqlBulkCopy on SQL Server

For recommendations on tuning SQL Server for bulk loads, see the ...Data Loading and Performance Guide... paper from MS, and also ...Guidelines for Optimising Bulk Import... from books online. Although they focus on bulk loading from SQL Server, most of the advice applies to bulk loading using the client API. This papers apply to SQL 2008 - you don...
bulkinsert database-performance scalability sqlbulkcopy sql-server
asked by Ed Harper

Insert xml data into SQL server via SqlBulkCopy with powershell (casting error)

I often use string data types for DataColumns while keeping my SQL Server table an XML datatype. This works fine for me....Instead of converting your xml file to xml just use (cat C:\test\4625_forForums.xml -raw) And define your [System.Xml.XmlNode] as [System.String]
.net powershell sqlbulkcopy sql-server xml
asked by Chad Miller

Getting an exception writing a boolean to sql using a datatable and SqlBulkCopy

Encountered the same issue: setting bool column to true/false was ignored by bulk copy, all values were set to null. The previous answer helped to resolve it, but I had to add mappings for all columns to make it work:...foreach (DataColumn column in table.Columns) { sqlBulk.ColumnMappings.Add(column.ColumnName, column.ColumnName); } sqlBulk.Wri...
c# datatable sqlbulkcopy sql-server
asked by Michael Vashkevich

Insert Dictionary elements into SQL table as rows using IDatareader and SqlBulkCopy

As you already have figured out, you need to implement custom ...IDataReader.... As your source is Dictionary - only few relatively simple method/properties such as int FieldCount, bool Read(), object Get(int i) should be implemented....You may find useful examples (...a simple one...) of custom IDataReader implementations by googling ...sqlbulkcop...
c# datareader dictionary sql sqlbulkcopy
asked by kasitan

Timeout Expired using SqlBulkCopy when there are 300Million rows in SQL Server Database

You have 2 properties on your sqlBulkCopy object that can help you...BulkCopyTimeout: This is the value of the timeout, 30 seconds by default. Set this value to 0 to disable the timeout entirely....BatchSize: Instead of inserting 300MM straight into the table, inserts the records at a batched size, maybe 1MM/time to prevent the timeout issue (and e...
sql sqlbulkcopy timeout
asked by Jason W

How to use SqlBulkCopy with transaction on ReliableSqlConnection in sql azure

How much data are you passing in Bulk? You might be able to use a Table-Valued-Parameter approach instead of Bulk Copy, and that is simple to include in a transaction. The table you assemble on the client is sent to SQL as a parameter very quickly, and inserts are performed with BULK optimizations on the server. This is appropriate for ~O(1000...
azure sqlbulkcopy sql-server transactions
asked by Stuart Ozer

SSIS - OleDB connection not updating data, inserted thru SQLBulkCopy with SQL Connection

My bad....Instead of passing data type as long (int in SQL), i was passing it as Varchar....I was looking from last few hours and as soon as i post question here, it strikes me to check the data type....Hope it will help somebody.
oledbconnection sqlbulkcopy sqlconnection ssis
asked by Manish Joisar

SQL Trigger Update to Uppercase doesn't work using SQLBulkCopy Insertion

When you are creating your ...SqlBulkCopy... object add ...SqlBulkCopyOptions.FireTriggers... like so:...SqlBulkCopy bulkCopy = new SqlBulkCopy(connectionString, SqlBulkCopyOptions.FireTriggers); ...FireTriggers... When specified, cause the server to fire the insert triggers for the rows being inserted into the database. - ...SqlBulkCopyOptions...
sqlbulkcopy sql-server-2008-r2 triggers
asked by SqlZim

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge
View more on Stack Overflow

Prime Library

Performance

Expression Evaluator

More Projects...
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow