Injection Attacks
There are 1 entries for the tag
Injection Attacks
As I look around the net at different articles and tutorials I'm surprised at how many use Dynamic SQL for samples. Even after the many warnings about SQL injection attacks. But there are other issues besides security. One of which is performance - dynamic SQL performs very poorly when not used properly. So I decided to write an article pointing out how poorly dynamic SQL can be if improperly used. I hope it will convince some to change how they write their client SQL code. Here's the link:http://www.codeproject.com/cs/database/ParameterizingAdHocSQL.aspI might even write another article that expands on this idea to put...