stored procedures are immune to SQL injection attacks."
One sidenote, it is possible to use SQL Injection attacks on SQL Server
while still using stored procedures. For example using Full Text
Indexing commands, it is fairly simple to provide a SQL injection as a
parameter of the full text search commands. It also depends on how you
build up the thing.
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 AL Amersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
