RE: Is this Vulnerable for SQL injection?..
Mikael Eriksson SE
September 26, 2013 at 1:54 am
#1653439
You should use sp_executesql with parameters.
Have a look at The Curse and Blessings of Dynamic SQL for a bit more info.
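An added example, not part of the original post, showing the advice above: the same lookup built by string concatenation and then with `sp_executesql` and a typed parameter. The `#Customer` table, its columns and the input values are constructed for illustration. The last step goes slightly beyond the post to cover identifiers, which cannot be passed as parameters.

```sql
-- Constructed sample data (hypothetical table, not from the thread).
CREATE TABLE #Customer (CustomerID int PRIMARY KEY, LastName nvarchar(50) NOT NULL);
INSERT INTO #Customer (CustomerID, LastName)
VALUES (1, N'Eriksson'), (2, N'O''Brien'), (3, N'Smith');

-- Constructed input: a value that carries a quote followed by SQL text.
DECLARE @LastName nvarchar(50);
SET @LastName = N'x'' OR 1 = 1 --';

DECLARE @sql nvarchar(max);

-- Weak: the value is concatenated into the statement and parsed as SQL.
-- The predicate becomes  LastName = N'x' OR 1 = 1 --'  so all three rows come back.
SET @sql = N'SELECT CustomerID, LastName FROM #Customer WHERE LastName = N'''
         + @LastName + N'''';
EXEC (@sql);

-- Corrected: the statement text is constant; the value travels separately as a
-- typed parameter and is only ever compared as data. No rows match.
SET @sql = N'SELECT CustomerID, LastName FROM #Customer WHERE LastName = @LastName';
EXEC sys.sp_executesql @sql, N'@LastName nvarchar(50)', @LastName = @LastName;

-- Identifiers (table or column names) cannot be parameters. When one must be
-- dynamic, check it against the catalog and wrap it with QUOTENAME, while the
-- data values still go through parameters.
DECLARE @SortColumn sysname;
SET @SortColumn = N'LastName';  -- constructed caller-supplied column name

IF EXISTS (SELECT 1
           FROM tempdb.sys.columns
           WHERE object_id = OBJECT_ID(N'tempdb..#Customer')
             AND name = @SortColumn)
BEGIN
    SET @sql = N'SELECT CustomerID, LastName FROM #Customer '
             + N'WHERE LastName <> @Exclude ORDER BY ' + QUOTENAME(@SortColumn);
    EXEC sys.sp_executesql @sql, N'@Exclude nvarchar(50)', @Exclude = N'Smith';
END
ELSE
    RAISERROR(N'Unknown sort column.', 16, 1);

DROP TABLE #Customer;
```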