THE SQL Server Blog Spot on the Web


Rob Farley

- Owner/Principal with LobsterPot Solutions (a MS Gold Partner consulting firm), Microsoft Certified Master, Microsoft MVP (SQL Server), APS/PDW trainer and leader of the SQL User Group in Adelaide, Australia. Rob is a former director of PASS, and provides consulting and training courses around the world in SQL Server and BI topics.

SQL Injection – the golden rule

Hi! - Great that you've found this page, but it's no longer here! You can find the content over at: http://blogs.lobsterpot.com.au/2015/02/10/sql-injection-the-golden-rule/

Published Tuesday, February 10, 2015 11:32 AM by Rob Farley


Comments

 

pmbAustin said:

Excellent post, thanks for this!  I'll be sharing this page liberally :-)

February 13, 2015 11:35 AM
 

KRK said:

Succinct Quote to explain SQL Injection.

Thank you.

February 19, 2015 6:45 PM
 

Rich said:

Found a couple of typos in your code that prevent it from executing:

"where object_id = object_id(@tablename) and name = @fitercol; "

should be @filtercol (missing the "l")

and I believe you'll need an "N" in the sp_executesql statement for the parameter @val, as sp_executesql requires Unicode parameters.

February 20, 2015 9:54 AM
 

Rob Farley said:

Ah yes. Thanks Rich. :)

February 20, 2015 8:37 PM
