Tech Support Websites

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 6 February 2012

Just using stored procedures doesn't prevent SQL Injection; use parameterized stored procedures

Posted on 21:47 by Unknown
This answer in dba.stackexchange.com puts in nicely -
Whether you use SQL statements or stored procedure doesn't matter. What matters is whether your SQL uses parameters or concatenated strings. Parameters prevent SQL injection; concatenated strings allow SQL injection.

The OWASP wiki has a more detailed explanation

The Stack Exchange family of websites lets you sort & view top voted questions in a specific area of interest identified through tags. They provide a RSS feed that you can keep following through a RSS Feed Reader like Google Reader, to stay abreast of hot questions in your favorite programming area.

The RSS feed for the top voted questions with the sql-injection tag on dba.stackexchange.com looks like this - http://dba.stackexchange.com/feeds/tag?tagnames=sql-injection&sort=votes
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Security, SQL Server | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Dashboard-like info with Browser tabs, Windows 7 Taskbar tabs
    Browser tabs & Windows 7 Taskbar tabs are turning self-aware.  This is how my browser looked the other day: I had the summary of all tha...
  • Windows 8 keyboard shortcuts
    Win + X   - context menu to access common features like Control Panel, Task Manager, File Explorer, Programs & Features, Run, Search etc...
  • The State Of HTML5 Video
    Key points from the  The State Of HTML5 Video  report by LongTailVideo (last updated on April 19, 2012): 75% of the desktop & mobile bro...
  • TWIL - Week #3
    This Week I Learned: New Azure VM Image Templates include SQL Server, BizTalk Server, and SharePoint Server (2013?) images . This can be han...
  • Archive tweets & favorites with Google Reader
    There are numerous ways to archive tweets but rather than use yet another tool, I prefer using Google Reader to preserve the tweets I mark ...
  • What is the difference between Browser Mode & Document Mode in IE
    If you're a web developer and your job actively involves building web pages that work the same in all browsers including the last three ...
  • My first impressions of Nexus 7 tablet
    I've been using the Nexus 7 (Wi-Fi, 16 GB) tablet for the last ten days and I'm impressed. I plan to use it primarily as an e-book ...
  • TWIL - Week #29
    This Week I Learned: Browsers: The auto-fill feature in Chrome also fills hidden fields . Like in Nigeria, the top three browsers in India (...
  • HOW TO dynamically generate a Word document with custom header & footer
    Way back in 2004, a project I was working on required a web page to be exported as a Word document (.DOC). Without relying on any components...
  • Indian comparison shopping sites
    Did you know, India has 120 million Internet users & the Indian e-commerce market is worth $7 billion ?  Travel accounts for over 80 per...

Categories

  • AJAX
  • Android
  • APIs
  • App
  • ASP
  • ASP.NET
  • ASP.NET-MVC
  • Azure
  • Azure SQL Database
  • AzureInPictures
  • Bing
  • Book Review
  • Bookmarklet
  • Browsers
  • C#
  • chart
  • Chrome
  • Cloud
  • CSS
  • CSS3
  • DidYouKnow
  • E-Commerce
  • Excel
  • FB
  • Fiddler
  • Firefox
  • Gadgets
  • GeoLocation
  • GMail
  • Google
  • Google Docs
  • Google Reader
  • Health
  • Hotmail
  • HOWTO
  • HTML
  • HTML/CSS
  • HTML5
  • Humor
  • Hyderabad
  • IE
  • IIS
  • India
  • Internet
  • IT
  • Javascript
  • jQuery
  • JSON
  • JSONP
  • Laptop
  • Learning Resources
  • Lists
  • Map
  • Metrics
  • Microsoft
  • miscellaneous
  • Mobile
  • NAPA
  • Office365
  • Opera
  • PDF
  • Performance
  • Personal
  • PHP
  • PM
  • PowerShell
  • Privacy
  • Programming
  • Rant
  • Safari
  • Science
  • Search Engines
  • SearchEngines
  • Security
  • SEO
  • Sharepoint
  • SharePoint2013
  • Silverlight
  • Software Engineering
  • Solutions
  • SQL Azure
  • SQL Server
  • TFS
  • Tip
  • Tips
  • Tools
  • Tools/Utilities
  • Trivia
  • TWIL
  • Twitter
  • UX
  • VM
  • VS.NET
  • VS2010
  • VS2012
  • WCF
  • WebApps
  • Websites
  • WF
  • Windows Phone
  • Windows7
  • Windows8
  • Word
  • WP7
  • WPF

Blog Archive

  • ►  2013 (112)
    • ►  October (16)
    • ►  September (14)
    • ►  August (8)
    • ►  July (8)
    • ►  June (13)
    • ►  May (12)
    • ►  April (12)
    • ►  March (8)
    • ►  February (15)
    • ►  January (6)
  • ▼  2012 (127)
    • ►  December (11)
    • ►  November (14)
    • ►  October (13)
    • ►  September (14)
    • ►  August (16)
    • ►  July (16)
    • ►  June (6)
    • ►  May (5)
    • ►  April (11)
    • ►  March (12)
    • ▼  February (7)
      • Technical stats & info about IRCTC - India's large...
      • HOW TO link directly to a certain part of a web pa...
      • Free online services to find what a site is runnin...
      • Online IDEs for C# - frill free Visual Studio alte...
      • Beware of breaking changes in jQuery library versions
      • Just using stored procedures doesn't prevent SQL I...
      • Sample SQL Server database scripts
    • ►  January (2)
  • ►  2011 (98)
    • ►  December (5)
    • ►  November (2)
    • ►  October (5)
    • ►  September (7)
    • ►  August (7)
    • ►  July (15)
    • ►  June (10)
    • ►  May (7)
    • ►  April (8)
    • ►  March (10)
    • ►  February (11)
    • ►  January (11)
  • ►  2010 (163)
    • ►  December (14)
    • ►  November (19)
    • ►  October (19)
    • ►  September (15)
    • ►  August (18)
    • ►  July (17)
    • ►  June (20)
    • ►  May (17)
    • ►  April (19)
    • ►  March (5)
Powered by Blogger.

About Me

Unknown
View my complete profile