Advertisements
Home > Interesting Reads > To SP or not to SP in SQL Server

To SP or not to SP in SQL Server

Just read this article, I am stronge following to SPs. Of of the points highlighted in this were a bit of suprise to me.

Using SPs make it more likely that you will pass parameters the
right way, but there is no guarantee.


I thought it is possible to do it in SPs when I saw an SP like:

CREATE PROCEDURE sp_ExecSQL
@SQLStatement varchar(8000)
AS
EXEC @SQLStatement
GO

I talked to the developer about this, they did this so they wouldn’t have to create SPs for all the adhoc code they have, and they were kind of trying to follow the rule only code gets exectued by means of stored procedures.

But according to Douglas, it is pobbile to do it other ways. I would like to find other ways to do SQL Injection, not to execute it but to understand SQL Injection in further depth.

Ref Link: http://www.developerfusion.co.uk/show/4708/1/

Advertisements
Categories: Interesting Reads
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: