Brendan Vogt wrote:
But aren't stored procedures good to use to prevent SQL injection attacks? So what does it implement instead of stored procedures?
Because the User Interface does not talk directly to the database. This is not a Perl or PHP script. It's more like a VCR playing back a tape. The machine knows to play back the tape or record, but what's recorded on it can't pause, stop, or rewind the tape.
http://www.securityfocus.com/bid/21529
