SQL injection .NET
(Web Development) Keywords: sql
The pentesters told us that the following code is vulnerable to SQL injection in our e-store:
create procedure dbo.uspBeAfraidBeVeryAfraid ( @p1 varchar(64) )
as
SET NOCOUNT ON
declare @sql varchar(512)
-- @p1 is concatenated into the statement text without validation
set @sql = 'select * from ' + @p1
exec (@sql)
How should I fix the issue?
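
One way to harden the procedure from the question, as an added example that is not part of the original post. It assumes that only tables in the dbo schema may be read; the procedure name uspSelectFromTable is hypothetical.

```sql
-- Added example: hardened rewrite of the procedure from the question.
-- Assumptions: only dbo tables are readable through this procedure,
-- and the name uspSelectFromTable is hypothetical.
CREATE PROCEDURE dbo.uspSelectFromTable ( @p1 sysname )
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @sql nvarchar(600);

    -- Resolve the caller's value against the catalog instead of trusting it.
    -- The statement text is built from the catalog's own names, each wrapped
    -- by QUOTENAME, so the caller's string never becomes part of the SQL.
    -- With no matching row, the assignment does not run and @sql stays NULL.
    SELECT @sql = N'SELECT * FROM '
                + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
    FROM sys.tables  AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    WHERE s.name = N'dbo'
      AND t.name = @p1;

    -- Reject anything that is not the name of an existing dbo table.
    IF @sql IS NULL
    BEGIN
        RAISERROR(N'Unknown table name.', 16, 1);
        RETURN;
    END;

    EXEC sys.sp_executesql @sql;
END;
```

A table name cannot be supplied as a bound parameter in a FROM clause, which is why the value is checked against the catalog and quoted rather than parameterized.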