Is sql injection possible in stored procedures with text param?

kacey

New Member
I'm using such a query in my stored procedure:

[code]
SET @Statement = 'SELECT Id,Title,Content,Status,ROW_NUMBER() OVER (ORDER BY ' + @Sort + ') AS StudentReport FROM YearBook WHERE ' + @Criteria
    + ') AS ArticleNumber WHERE StudentReport> ' + CONVERT(NVARCHAR, @StartRowIndex)
    + ' AND StudentReport<= (' + CONVERT(NVARCHAR, @StartRowIndex + @MaximumRows);
[/code]

Just want to know whether it's possible to do SQL injection to this stored procedure. If yes, how can I prevent it? Need help!!!
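Yes, it is: @Sort and @Criteria are spliced straight into the SQL text, so whatever the caller passes in is parsed as code, and even the CONVERT'd row numbers are part of the string rather than bound values. As an added example (not the poster's code), the procedure below rewrites the same paging query in a hardened form for SQL Server: @Sort is checked against an allow-list and wrapped in QUOTENAME, the free-text @Criteria is replaced by structured filter parameters (@Status and @TitleContains are hypothetical), and every user value is bound through sp_executesql instead of being concatenated. It assumes a table dbo.YearBook with the columns Id, Title, Content and Status.

```sql
-- Hardened version of the paging procedure from the question (added example).
-- Assumes dbo.YearBook(Id, Title, Content, Status). @Status and @TitleContains are
-- hypothetical structured filters that replace the raw @Criteria string.
CREATE PROCEDURE dbo.GetYearBookPage
    @Sort          sysname,                -- column to order by; checked against an allow-list
    @SortDesc      bit = 0,
    @Status        int = NULL,             -- structured filters instead of raw @Criteria
    @TitleContains nvarchar(100) = NULL,
    @StartRowIndex int,
    @MaximumRows   int
AS
BEGIN
    SET NOCOUNT ON;

    -- 1. Only a known column name may reach ORDER BY. Anything else is rejected before
    --    it touches the dynamic string; QUOTENAME then emits it as a bracketed identifier.
    IF @Sort NOT IN (N'Id', N'Title', N'Status')
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @Direction nvarchar(4) = CASE WHEN @SortDesc = 1 THEN N'DESC' ELSE N'ASC' END;

    -- 2. User-supplied values never become part of the SQL text. They are passed to
    --    sp_executesql as parameters, so the engine treats them as data, not as code.
    --    The doubled quotes ('') inside the literal become single quotes when executed.
    DECLARE @Statement nvarchar(max) = N'
        SELECT Id, Title, Content, Status, StudentReport
        FROM (
            SELECT Id, Title, Content, Status,
                   ROW_NUMBER() OVER (ORDER BY ' + QUOTENAME(@Sort) + N' ' + @Direction + N') AS StudentReport
            FROM dbo.YearBook
            WHERE (@Status IS NULL OR Status = @Status)
              AND (@TitleContains IS NULL OR Title LIKE N''%'' + @TitleContains + N''%'')
        ) AS ArticleNumber
        WHERE StudentReport > @StartRowIndex
          AND StudentReport <= @StartRowIndex + @MaximumRows
        ORDER BY StudentReport;';

    EXEC sys.sp_executesql
        @Statement,
        N'@Status int, @TitleContains nvarchar(100), @StartRowIndex int, @MaximumRows int',
        @Status = @Status, @TitleContains = @TitleContains,
        @StartRowIndex = @StartRowIndex, @MaximumRows = @MaximumRows;
END;
```

Note that a bound @TitleContains can still carry LIKE wildcards (% and _); that only widens the match, it cannot change the statement, so escape them with ESCAPE if exact substring search is required.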