Home Forums SQL Server 2012 SQL Server 2012 - T-SQL Is there a way to identify dynamic sql that may be vulnerable to sql injection? RE: Is there a way to identify dynamic sql that may be vulnerable to sql injection?

  • January 3, 2018 at 6:33 am

    #1974208

    HappyGeek - Wednesday, January 3, 2018 6:30 AM

    A starting point may be to query stored procedures for the existence of sp_executeSQL.

    A lot of people, however, tend to use EXEC(@SQL) which'll be missed.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk