Avoiding SQL Injections

[Guest]

Is the single act of using stored procedures (in place of dynamic SQL) the
only thing you have to do to prevent SQL injection attacks?

Thank you,

Eric

 

[William \(Bill\) Vaughn]

SQL injection attacks can also be caused by stored procedures that use
EXECUTE SQL commands.

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
Microsoft MVP
www.betav.com/blog/billva
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________

 

[Jim Hughes]

You can also use Dynamic SQL with parameters as described at
http://www.knowdotnet.com/articles/dynamicsqlparameters.html without using
stored procedures.

 

[Guest]

Good points. Thank you, Jim and Bill.

Eric