Examples of SQL injection even when using SQLParameter in .NET?

I heard that SQL Injection can still be possible when using ADO.NET SQLParameter (parameterised query) for SQL Server.

I am looking for real examples in C#/VB code as proof.

EDIT: I am looking for SPECIFIC working examples. Not introductions to SQL injection or how to prevent it.

Tony_Henrich asked Mar 01 '23 07:03


1 Answer

If you're creating a statement in a stored proc and using sp_executesql, a parameterized query is a false safety net.

Austin Salonen answered Mar 03 '23 06:03
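The pattern the answer describes, as an added T-SQL example that is not part of the original answer: a stored procedure that concatenates its parameter into a string run by sp_executesql, beside the corrected version that hands the value to sp_executesql as a parameter, plus a heuristic catalog query for finding such procedures. The table dbo.Users, the procedure names and the column names are assumed.

```sql
-- Assumes SQL Server 2016 SP1 or later (CREATE OR ALTER) and a table
-- dbo.Users(Name NVARCHAR(100), Email NVARCHAR(200)). Names are assumed.
-- The caller binds the argument properly, e.g. in C#:
--   cmd.CommandType = CommandType.StoredProcedure;
--   cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = userInput;
-- That SqlParameter protects only the EXEC of the procedure itself.

-- VULNERABLE: inside the procedure, @name is pasted into a new SQL string.
-- A value containing a single quote ends the literal early, so the text
-- that sp_executesql compiles is no longer the query the author wrote.
CREATE OR ALTER PROCEDURE dbo.FindUser_Unsafe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Name, Email FROM dbo.Users WHERE Name = ''' + @name + N'''';
    EXEC sp_executesql @sql;   -- user data is part of the statement text
END;
GO

-- FIXED: dynamic SQL is still used, but the value travels as a parameter
-- of sp_executesql. The statement text never contains user data, so its
-- structure is fixed at compile time regardless of what @name holds.
CREATE OR ALTER PROCEDURE dbo.FindUser_Safe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Name, Email FROM dbo.Users WHERE Name = @p_name';
    EXEC sp_executesql @sql,
                       N'@p_name NVARCHAR(100)',   -- parameter declaration
                       @p_name = @name;            -- bound value, not text
END;
GO

-- Review aid (heuristic, assumed): list procedures that both call
-- sp_executesql and concatenate a parameter into a string. Matches need a
-- manual read; the query only narrows where to look.
SELECT OBJECT_SCHEMA_NAME(m.object_id) + '.' + OBJECT_NAME(m.object_id) AS proc_name
FROM sys.sql_modules AS m
JOIN sys.procedures AS p ON p.object_id = m.object_id
WHERE m.definition LIKE '%sp_executesql%'
  AND m.definition LIKE '%+ @%';
```

Running both procedures with the same argument containing a single quote shows the difference: the unsafe one either errors or runs an altered statement, while the safe one simply looks for a name containing that quote.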