Modifications:
1. Create a "new" ADO.NET connection
2. Removed the "EXECUTE" from SQL Statement: golder.sp_ArcGISTool_AggregrateBy_DateSiteAndUser
3. Assigned Parameter Size: 128 to Parameter Name: @p_ServerName
4. Assigned Parameter Size: -1 to...
February 19, 2012 at 1:37 pm
#1449013
Yes ... The stored procedure executes dynamic SQL with SQL injection! It has 14 optional input parameters & 1 output parameter.
CREATE PROCEDURE [golder].[sp_ArcGISTool_AggregrateBy_DateSiteAndUser]
(
@p_ServerName...
February 19, 2012 at 9:28 am
#1448993