  • Re: Anyone know about www.nihaorr1.com/1.js?

    Apr 25, 2008 05:12 PM|steve schofield

    Prepared statements generally are stored procedures, at least that is my understanding. Dynamic SQL type pages can be exposed to SQL injection attacks. Of course, if the stored procedure takes input without being validated, it can be also. But it is one layer deeper. Only good error coding can prevent it.

    Steve Schofield
    Windows Server MVP - IIS
    http://iislogs.com/steveschofield
    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget
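
Added example, not part of the original post: the reply's point that a stored procedure can still be exposed when it takes unvalidated input, shown in T-SQL as an injectable procedure beside two hardened forms and a query for reviewing existing procedures. The table and procedure names are hypothetical and the schema is constructed for illustration.

```sql
-- Constructed schema (hypothetical names) used only for this illustration.
CREATE TABLE dbo.Articles (
    ArticleId INT IDENTITY PRIMARY KEY,
    Title     NVARCHAR(200) NOT NULL
);
GO

-- Exposed: the parameter is concatenated into a string and executed, so its
-- contents are parsed as SQL even though the page only calls a procedure.
CREATE PROCEDURE dbo.SearchArticles_Dynamic
    @Title NVARCHAR(200)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT ArticleId, Title FROM dbo.Articles WHERE Title LIKE ''%'
        + @Title + N'%''';
    EXEC (@sql);
END;
GO

-- Hardened: a static statement; @Title is only ever treated as a value.
CREATE PROCEDURE dbo.SearchArticles_Static
    @Title NVARCHAR(200)
AS
BEGIN
    SELECT ArticleId, Title
    FROM dbo.Articles
    WHERE Title LIKE N'%' + @Title + N'%';
END;
GO

-- Hardened, for cases where dynamic SQL is unavoidable: the statement text is
-- constant and the value is bound through sp_executesql as a typed parameter.
CREATE PROCEDURE dbo.SearchArticles_Bound
    @Title NVARCHAR(200)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT ArticleId, Title FROM dbo.Articles
          WHERE Title LIKE N''%'' + @t + N''%''';
    EXEC sys.sp_executesql @sql, N'@t NVARCHAR(200)', @t = @Title;
END;
GO

-- Review aid: list modules whose definition contains dynamic execution,
-- so each can be checked for concatenated input.
SELECT OBJECT_SCHEMA_NAME(object_id) AS SchemaName, OBJECT_NAME(object_id) AS ModuleName
FROM sys.sql_modules
WHERE definition LIKE '%EXEC%(%' OR definition LIKE '%sp_executesql%';
```

The review query over-matches on purpose: a hit means the module executes a string and needs a manual read, not that it is vulnerable.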