Dynamic SQL pp 21-38 | Cite as

Protecting Against SQL Injection

  • Edward Pollack


There are few SQL vulnerabilities as commonly exploited as SQL injection. This form of database attack has destroyed companies and ruined careers, and is a constant challenge for database administrators. As a database professional, data is your greatest asset, and it is your responsibility to guard it above all else. SQL injection is not limited only to Dynamic SQL, but is a technique that can be applied to many areas of SQL Server. Therefore, understanding and defending against it are the most important priorities when considering SQL Server security.


Error Message Malicious Code Malicious User Parameter List Credit Card Number 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Ed Pollack 2016

Authors and Affiliations

  • Edward Pollack
    • 1
  1. 1.AlbanyUSA

Personalised recommendations