Ars Technica

DB Security & Dynamic SQL

As part of implementing a security model for our application, we've enforced schema security such that our application can only call stored procs, views, and UDFs. This helps prevent sql injection , ...
dbta

Dynamic SQL: On the Rise

Have you noticed that dynamic SQL is more popular today than ever before? There are a number of factors contributing to the success of dynamic SQL. Commercial off-the-shelf applications, such as SAP, ...
Visual Studio Magazine

Dynamic Data Access with Plain Old SQL and SqlQuery

You don't have to give up using dynamic SQL just because you're using Entity Framework. The Entity Framework SqlQuery method will give you back the flexibility of dynamic SQL and still let you work ...
Ars Technica

Dynamic SQL Problem

Howdy,<BR><BR>Using MS SQL Server.<BR><BR>I've created a stored procedure to handle some things so the program doing the entry can be stupid, which is ideal. The problem is I'm sending table names as ...
dbta

Harden Your Applications to Combat SQL Injection

An important aspect of database security is designing your applications to avoid SQL injection attacks. SQL injection is a form of web hacking whereby SQL statements are specified in the fields of a ...