4
votes
Vote UpVote

SQL Injection - Stored Procedures

Rob's Technology Corner – Security needs to be multiple levels deep. At one point in time several years ago there was a trend to have all websites code use stored procedures. I heard developers say it prevented SQL Injection.If the database you use allows you to build SQL statements with a string dynamically at run time in a stored procedure then you can have SQL injection in a Stored Procedure.   Each Database slightly different syntax and guidelines:Oracle  (See Page 12)PostgesSQL SQL ServerIn short: If your doing dynamic SQL inside your Stored Procedures you will have validate the input otherwise ...
Favorite? Off-Topic? Robert Love @ 2016-04-19 18:05

Statistics

Visits: 1118
Votes: 4
Favorites: 1
Off-Topic: 0

Visits by Source

User Actions

Users who voted for this posting

Alister Christie
Barton_Stano
Ph. B.
Radosław Kokoć
Subscribe:
Contact us to advertise on DelphiFeeds.com

Community Links

Torry Firebird News

Sponsor

 
Please login or register to use this functionality.
(click on this box to dismiss)