Thursday, October 26, 2017
Friday, September 15, 2017
Wednesday, August 16, 2017
Like not vulnerable to injection
create table #test (name varchar(100))
insert into #test values ('fgdgfdfg'),('cxvxbcvb'),('tryuryry')
declare @like varchar(100) = 'f; select * from #test --'
select * from #test where name like @like + '%'
drop table #test
insert into #test values ('fgdgfdfg'),('cxvxbcvb'),('tryuryry')
declare @like varchar(100) = 'f; select * from #test --'
select * from #test where name like @like + '%'
drop table #test
Friday, June 30, 2017
using like in dynamic sql parameters
add the '%' top the parameter value
set @p_SUBJECT = '%' + @p_SUBJECT + '%'
set @p_SUBJECT = '%' + @p_SUBJECT + '%'
Tuesday, June 20, 2017
Thursday, June 15, 2017
Subscribe to:
Comments (Atom)