Rob's Technology Corner – Security needs to be multiple levels deep. At one point in time several years ago there was a trend to have all websites code use stored procedures. I heard developers say it prevented SQL Injection.If the database you use allows you to build SQL statements with a string dynamically at run time in a stored procedure then you can have SQL injection in a Stored Procedure. Each Database slightly different syntax and guidelines:Oracle (See Page 12)PostgesSQL SQL ServerIn short: If your doing dynamic SQL inside your Stored Procedures you will have validate the input otherwise ...
Visits by Source
Users who voted for this posting