Jeff Smith Blog

Random Thoughts & Cartesian Products with Microsoft SQL Server

Vulnerable to SQL Injection?

One of the things that troubles me most about SQL Injection is that it seems it is still very misunderstood. Is the following pseudo-code vulnerable to SQL Injection? String SearchTerm = {some user input here, unvalidated and unscrubbed -- uh oh !