November 17th, 2008, 02:09 PM
#6
Re: C# must have a bug
 Originally Posted by MadHatter
sql injections can happen anywhere. you can write an SQL statement the same way, you can pass parameters to a sproc the same way. you can shoot your foot off the same way.
1) They can NOT happen "anywhere"; they can only occur if you are dynamically building SQL statements.
Therefore
a) The code you quoted CAN NOT have a SQL Injection Attack Exposure.
b) An application using exclusively stored procedures also CAN NOT BE WRITTEN such that the APPLICATION exposes the database to SQL Injection. [This does NOT preclude errors on the part of the DBA writing the stored procedures, but that is not done in the context of the Application or even (in 99.99% of the cases) in managed code of any language.]
TheCPUWizard is a registered trademark, all rights reserved. (If this post was helpful, please RATE it!)
In theory, there is no difference between theory and practice; in practice there is.
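The distinction argued in this thread (statement text built from input versus values passed as parameters), as an added example that is not part of the original posts. It uses Python's sqlite3 with an in-memory database instead of C# and SQL Server so that it runs stand-alone; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: three users in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")])
    return db

def find_dynamic(db, name):
    # Dynamically built statement: the input becomes part of the SQL text,
    # so a quote character in it changes how the statement is parsed.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, name):
    # Fixed statement text; the value travels separately as a bound
    # parameter and is only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def run(fn, db, value):
    """Return the matching names, or a short error string if the SQL fails."""
    try:
        return fn(db, value)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a value whose quote closes the string literal early.
    for value in ["alice", "O'Brien", "nobody' OR '1'='1"]:
        print(repr(value))
        print("  dynamic      :", run(find_dynamic, db, value))
        print("  parameterized:", run(find_parameterized, db, value))
```

With the dynamic version the quote-bearing name fails to parse and the third input matches every row; with the parameterized version both are compared as plain strings.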