I knew about the second link, however it seems to be only discussing ways to get a password for a user account. Once you have a password for an account with the permissions you need then you can simply by pass the stored procedure and do what you want.

My answer was focused at the stored procedure level (I don't always look at the big picture). Once inside a stored procedure I know of no other way to do an injection attack except the one I mentioned. You will forgive my lack of knowledge in this area, if there is another way I would love to know about it so that I can protect against it.

With that in mind I don't think that nesting stored procedures would help protect against inection attacks unless you have something other than what I thought of in mind.

Can you tell me specifically where to go at the first site to find something about injection attacks?

Robert W. Marda

SQL Programmer

bigdough.com

The world’s leading capital markets contact database and software platform.