Validate Dynamic SQL to Prevent SQL Injection in SQL Server
Learn some tips on how to validate that the values passed into a process that builds dynamic SQL are valid prior to running the dynamic code.
SQL injection is a bad thing, so learn how to protect your databases with these important tips.
In my last tip, I showed how to validate and protect yourself from user-supplied input instead of blindly concatenating the values into dynamic SQL strings. In this tip, we look at other common scenarios for SQL injection and how to prevent it.
Many of us are using dynamic SQL because we have requirements that dictate runtime choice - allowing the user to select the columns, or table name, or even entire where clauses. There are different ways to implement dynamic SQL, and some are more prone to
I support a web application that we've determined is vulnerable to SQL injection. Unfortunately, there's no real ability to modify the application in a timely manner and we can't take it down. In this tip we show what can be done to help mitigate some SQL
Lately it seems like SQL Injection attacks have been increasing. Recently our team has worked through resolving a few different SQL Injection attacks across a variety of web sites. Each of these attacks had a number of similarities which proved to point