Edit - Stack Overflow

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Ok, how to do SQL injection using parameters?

John Saunders
– John Saunders

2009-05-26 13:21:07 +00:00
Commented May 26, 2009 at 13:21
@Saunders: Step 1 is to find a buffer overflow bug in the parameter-handling functionality of your DB.

Brian
– Brian

2009-05-26 15:04:29 +00:00
Commented May 26, 2009 at 15:04
2

Found one yet? In a commercial DB that's being pounded on by hundreds of thousands of hackers daily? One made by a software company known to have very deep pockets? You'd be able to quote the lawsuit by name if this were possible.

John Saunders
– John Saunders

2009-05-26 16:27:35 +00:00
Commented May 26, 2009 at 16:27
1

Of course, if the SPROC uses concatenation and EXEC (instead of sp_ExecuteSQL) you're back in trouble... (I've seen it done wrong too many times to discount it...)

Marc Gravell
– Marc Gravell

2009-05-27 06:57:53 +00:00
Commented May 27, 2009 at 6:57

Add a comment |

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »

Collectives™ on Stack Overflow