Note that you must considered the sql injection possibility. Now the only thing you have to worry about is if someone is able to create tables and can create a table named sys.objects DROP TABLE foo - but if you have someone you don't trust but has the ability to create tables in your database. Of course this dynamically built t-sql statement or sql code can contain input / output parameters. Protecting Yourself from SQL Injection - Part 2.Protecting Yourself from SQL Injection - Part 1. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |