How Do Stored Procedures Prevent SQL Injection?
Stored procedures are pre-compiled and parameterized. This means that when a stored procedure is executed, only the parameters are passed to the server, not the actual SQL query. This prevents malicious user input from being treated as part of the query, and so prevents SQL injection attacks.
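The parameter binding described in the answer above, shown as an added example that is not part of the original answer. It is written in T-SQL for SQL Server and contrasts a parameterized procedure with one that concatenates its parameter into dynamic SQL, plus the bound form of that dynamic SQL. The table `dbo.Users`, the three procedure names and the sample input are hypothetical and constructed for illustration.

```sql
-- Constructed sample table; all object names here are hypothetical.
CREATE TABLE dbo.Users (
    Id       INT IDENTITY PRIMARY KEY,
    UserName NVARCHAR(50) NOT NULL
);
INSERT INTO dbo.Users (UserName) VALUES (N'alice'), (N'bob');
GO

-- Parameterized procedure: the statement text is fixed when the procedure
-- is created. @UserName is bound as a value and is never parsed as SQL.
CREATE PROCEDURE dbo.GetUserByName @UserName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT Id, UserName FROM dbo.Users WHERE UserName = @UserName;
END;
GO

-- Counter-example: concatenating the parameter into dynamic SQL turns the
-- value back into query text, so being a stored procedure no longer helps.
CREATE PROCEDURE dbo.GetUserByName_Concatenated @UserName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(400) =
        N'SELECT Id, UserName FROM dbo.Users WHERE UserName = N''' + @UserName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened dynamic SQL: constant statement text, value passed as a bound parameter.
CREATE PROCEDURE dbo.GetUserByName_Dynamic @UserName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sys.sp_executesql
        N'SELECT Id, UserName FROM dbo.Users WHERE UserName = @u',
        N'@u NVARCHAR(50)',
        @u = @UserName;
END;
GO

-- Constructed input containing a quote and SQL keywords, for comparing the three.
DECLARE @input NVARCHAR(50) = N'x'' OR ''1''=''1';
EXEC dbo.GetUserByName              @UserName = @input; -- compared as one literal string
EXEC dbo.GetUserByName_Concatenated @UserName = @input; -- spliced into the statement text
EXEC dbo.GetUserByName_Dynamic      @UserName = @input; -- compared as one literal string
```

When reviewing existing procedures, search their bodies for `EXEC (` or `sp_executesql` calls whose statement string is built with `+` from a parameter.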