Sp_executesql and sql injection

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Sp_executesql and sql injection

Message

From

26/05/2011 11:08:49

Mike Yearwood
Toronto, Ontario, Canada

18/05/2011 09:22:27

Naomi Nosonovsky
Wisconsin, United States

General information

Forum:

Microsoft SQL Server

Category:

Stored procedures, Triggers, UDFs

Title:

Re: Sp_executesql and sql injection

Environment versions

SQL Server:

SQL Server 2008

Application:

Web

Miscellaneous

Thread ID:

01510894

Message ID:

01511833

Views:

>I don't see a need to pull up a dirty accusation. My original reply was clear enough and I do know difference between passing parameters and embedding them into a string.
>
>So please stop answering me with this nonsense.

I wasn't talking to you in the first place. I don't associate with proven criminals, despite what the liberals feel.

Map

View

Click here to load this message in the networking platform