Skip to content

Commit 85a7abb

Browse files
PRMerger14PRMerger14
authored
Merge pull request #203383 from dzsquared/sqlbindings-june2022update
Sqlbindings june2022update
2 parents 8e90c23 + 3091585 commit 85a7abb

File tree

2 files changed

+5
-0
lines changed

2 files changed

+5
-0
lines changed

articles/azure-functions/functions-bindings-azure-sql-input.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -542,6 +542,9 @@ The following table explains the binding configuration properties that you set i
542542

543543
The attribute's constructor takes the SQL command text, the command type, parameters, and the connection string setting name. The command can be a Transact-SQL (T-SQL) query with the command type `System.Data.CommandType.Text` or stored procedure name with the command type `System.Data.CommandType.StoredProcedure`. The connection string setting name corresponds to the application setting (in `local.settings.json` for local development) that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
544544

545+
Queries executed by the input binding are [parameterized](/dotnet/api/microsoft.data.sqlclient.sqlparameter) in Microsoft.Data.SqlClient to reduce the risk of [SQL injection](/sql/relational-databases/security/sql-injection) from the parameter values passed into the binding.
546+
547+
545548
::: zone-end
546549

547550
## Next steps

articles/azure-functions/functions-bindings-azure-sql-output.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -546,6 +546,8 @@ The following table explains the binding configuration properties that you set i
546546
::: zone pivot="programming-language-csharp,programming-language-javascript,programming-language-python"
547547
The `CommandText` property is the name of the table where the data is to be stored. The connection string setting name corresponds to the application setting that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
548548

549+
The output bindings uses the T-SQL [MERGE](/sql/t-sql/statements/merge-transact-sql) statement which requires [SELECT](/sql/t-sql/statements/merge-transact-sql#permissions) permissions on the target database.
550+
549551
::: zone-end
550552

551553
## Next steps

0 commit comments

Comments
 (0)