03 August 2007 10:16
tonyrogerson
Great SQL Injection Video on YouTube
You'll like this; it's always worth getting your dev team to watch just how stupid you can look if your code lets SQL injection in.
Always parameterise or, preferably, use stored procedures. If you are using dynamic SQL, always try to parameterise it, and if you can't, always make sure you handle apostrophes properly.
Take a look: http://uk.youtube.com/watch?v=MJNJjh4jORY
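The dynamic SQL advice above, as an added T-SQL example that is not from the original post: the same lookup built by concatenation, with a parameter via sp_executesql, and with apostrophes doubled as the fallback. The table #Customers, its columns and the sample rows are constructed for illustration.

```sql
-- Constructed sample data; table and column names are hypothetical.
CREATE TABLE #Customers (
    CustomerId int IDENTITY PRIMARY KEY,
    LastName   nvarchar(50) NOT NULL
);
INSERT INTO #Customers (LastName) VALUES (N'Smith'), (N'O''Brien');

-- The value as it would arrive from the application: O'Brien
DECLARE @LastName nvarchar(50) = N'O''Brien';
DECLARE @sql nvarchar(max);

-- 1. Weak: the value is concatenated into the statement text. The apostrophe
--    in O'Brien ends the string literal early, so whatever follows it is parsed
--    as SQL. With this harmless name the result is only a syntax error.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = N'''
         + @LastName + N'''';
BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    PRINT N'Concatenated query failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2. Parameterised dynamic SQL: the statement text is fixed and the value is
--    passed separately as a typed parameter, so it is never parsed as SQL.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = @p_LastName';
EXEC sys.sp_executesql
     @sql,
     N'@p_LastName nvarchar(50)',
     @p_LastName = @LastName;          -- returns the O'Brien row

-- 3. Fallback when the value cannot be passed as a parameter: double every
--    apostrophe before concatenating, so the value stays inside the literal.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = N'''
         + REPLACE(@LastName, N'''', N'''''') + N'''';
EXEC (@sql);                           -- returns the O'Brien row

DROP TABLE #Customers;
```

Doubling apostrophes only protects values placed inside a quoted string literal; object names built into dynamic SQL need QUOTENAME instead.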
Filed under: SQL Server