• Once upon a time, we had some old code that did not account for SQL Injection attacks. And then it happened.

    People could not understand why the titles on our external web pages were changing or being deleted.

    These pages were database driven through the use of an administrative front-end for the users.

    I put a few insert and update triggers on a few tables, and what do you know, a couple days later we find out someone is passing SQL statements into a field that for some reason was aimed at changing the titles on our web pages.

    These pages were changed to use stored procedures.

    Now, if only everyone was on board for doing this on our Intranet as well....