RE: Is there a way to identify dynamic sql that may be vulnerable to sql injection?
HappyGeek
January 3, 2018 at 7:02 am
#1974215
> Thom A - Wednesday, January 3, 2018 6:33 AM
> > HappyGeek - Wednesday, January 3, 2018 6:30 AM
> > A starting point may be to query stored procedures for the existence of sp_executeSQL.
> A lot of people, however, tend to use EXEC(@SQL) which'll be missed.
Thom, you are of course correct. It did occur to me; I hoped the OP would have picked up on that too. It was offered purely as a starting point.
...
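The search discussed in this post, as an added example that is not part of the original thread: a T-SQL query over sys.sql_modules that flags modules containing sp_executesql or EXEC(...)/EXECUTE(...), and marks those that also append a variable to a string literal. It covers all module types rather than only stored procedures; the column aliases and the concatenation heuristic are assumptions of this example, and a hit is a candidate for manual review, not proof of a flaw.

```sql
-- Added example: triage list of modules that execute dynamic SQL.
WITH src AS (
    SELECT
        m.object_id,
        -- Upper-case and strip whitespace so "exec ( @sql )" and "EXEC(@SQL)" match alike.
        REPLACE(REPLACE(REPLACE(REPLACE(UPPER(m.definition),
            CHAR(13), ''), CHAR(10), ''), CHAR(9), ''), ' ', '') AS squashed
    FROM sys.sql_modules AS m
    -- definition is NULL for encrypted modules or when the caller lacks permission
    WHERE m.definition IS NOT NULL
)
SELECT
    OBJECT_SCHEMA_NAME(s.object_id) AS schema_name,
    OBJECT_NAME(s.object_id)        AS object_name,
    o.type_desc,
    f.uses_sp_executesql,
    f.uses_exec_string,
    f.concatenates_variable
FROM src AS s
JOIN sys.objects AS o
    ON o.object_id = s.object_id
CROSS APPLY (
    SELECT
        -- [_] matches a literal underscore (a bare _ is a LIKE wildcard)
        CASE WHEN s.squashed LIKE '%SP[_]EXECUTESQL%' THEN 1 ELSE 0 END
            AS uses_sp_executesql,
        -- EXEC(@SQL) / EXECUTE(@SQL), the form a search for sp_executesql alone misses
        CASE WHEN s.squashed LIKE '%EXEC(%'
               OR s.squashed LIKE '%EXECUTE(%' THEN 1 ELSE 0 END
            AS uses_exec_string,
        -- Heuristic (assumption): a string literal followed by "+ @variable"
        CASE WHEN s.squashed LIKE '%''+@%' THEN 1 ELSE 0 END
            AS concatenates_variable
) AS f
WHERE f.uses_sp_executesql = 1
   OR f.uses_exec_string = 1
ORDER BY f.concatenates_variable DESC,
         f.uses_exec_string DESC,
         schema_name,
         object_name;
```

Modules that use sp_executesql with a parameter list and no concatenation sort to the bottom; rows with concatenates_variable = 1 are the ones to read first.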