Home Forums SQL Server 2008 T-SQL (SS2K8) forming a dynamic query RE: forming a dynamic query
homebrew01
SSC Guru
Points: 55539
More actions
May 7, 2014 at 8:54 am
#1711540
How would the hacker pass that variable to the stored procedure ? If it's part of a form on a website, then hackers can enter character strings. But if the procedure is deeper in the application ??