Home Forums SQL Server 7,2000 T-SQL Plugging in a variable column name in a stored procedure RE: Plugging in a variable column name in a stored procedure

  • August 6, 2013 at 10:42 am

    #1639024

    Before you decide to go and intentionally write code that's vulnerable to SQL injection, maybe take a read through these.

    http://www.computerworld.com/s/article/9241084/SQL_flaws_remain_an_Achilles_heel_for_IT_security_groups

    http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass