You are here: SQLInjection with OpenXML « MsSQL Server « IT news, forums, messages
SQLInjection with OpenXML

Posted by figital on 03/09/06 17:07

I am researching the use of OpenXml for doing mass updates/inserts.

Does anyone know how this procedure works as far as sql injection is
concerned? I've always been taught to use sp's with parameters...does
using OpenXML open up any holes in that idea?

My thinking is that it would be fine (maybe even better), because the
fields will still be treated as literals.

Alternatively, are there any other suggestions for doing massive
amounts of updates/inserts?

 

Navigation:

[Reply to this message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация