That was my question too. It looked like to use those injection attacks the user would have to have access similar to Query Analyzer. What is the best way to prevent this kind of injection attack? Are there ways to make sure the door closes before the injected SQL can get attached?

Robert W. Marda

SQL Programmer

bigdough.com

The world’s leading capital markets contact database and software platform.