Home Forums SQL Server 2005 Development stored procedure with optional parameters RE: stored procedure with optional parameters

  • April 14, 2010 at 4:19 am

    #1151203

    mtaylor7210 63514 (4/13/2010)

    True but anytime you are taking parameters you open yourself up to injection.

    No, I believe you are mistaken.

    Please explain why you think using parameterized stored procedures opens you up to SQL injection?

    Unless, of course, you use those parameters to create dynamic SQL.

    Nigel
    How to post questions