SQL Injection: Common Mistake

Posted on September 1, 2010
Filed under: Security 

One of the most common suggestions for remediating SQL Injection vulnerabilities is to use stored procedures. Stored procedures can help decrease the risk of SQL Injection, but implemented incorrectly they create a false sense of security. For example, consider the stored procedure below:

CREATE PROCEDURE dbo.usp_IsValidUser ( ...
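The post's own procedure is cut off above, so the following T-SQL is an added example and not the author's code. It shows one well-known way a stored procedure stays injectable (building dynamic SQL by concatenation), next to a static version and a query for finding procedures to review. The table dbo.Users, its columns and both procedure names are hypothetical.

```sql
-- Added illustration. dbo.Users, its columns and the procedure names are hypothetical.

-- Weak: a stored procedure, yet still injectable. The parameter values are
-- concatenated into a string, and that string is then executed as SQL.
CREATE PROCEDURE dbo.usp_CheckLogin_Dynamic
(
    @UserName     NVARCHAR(50),
    @PasswordHash NVARCHAR(128)
)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT COUNT(*) FROM dbo.Users WHERE UserName = '''
             + @UserName + N''' AND PasswordHash = ''' + @PasswordHash + N'''';
    -- A quote character inside @UserName ends the string literal early, so the
    -- rest of the caller's input is parsed as part of the statement.
    EXEC (@sql);
END
GO

-- Corrected: static SQL. The parameters are bound as values and never parsed as SQL.
CREATE PROCEDURE dbo.usp_CheckLogin_Static
(
    @UserName     NVARCHAR(50),
    @PasswordHash NVARCHAR(128)
)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT COUNT(*)
    FROM dbo.Users
    WHERE UserName = @UserName
      AND PasswordHash = @PasswordHash;
END
GO

-- Review aid: list modules whose definition contains dynamic execution, so each
-- one can be checked by hand for concatenated input. A match is a candidate for
-- review, not proof of a flaw.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS module_name
FROM sys.sql_modules AS m
WHERE m.definition LIKE N'%EXEC%(%'
   OR m.definition LIKE N'%sp_executesql%';
```

Where a statement must be assembled at run time, sp_executesql with a parameter list keeps the values out of the SQL text; concatenated identifiers such as table or column names still need separate validation.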