Comments on: Passing a database name as a stored procedure parameter http://itknowledgeexchange.techtarget.com/itanswers/passing-a-database-name-as-a-stored-procedure-parameter/ Fri, 24 May 2013 04:11:53 +0000 hourly 1 By: TomLiotta http://itknowledgeexchange.techtarget.com/itanswers/passing-a-database-name-as-a-stored-procedure-parameter/#comment-111667 TomLiotta Mon, 01 Oct 2012 06:20:45 +0000 #comment-111667 How can we restrict the SQL injection…
 
You do it using the same techniques that restrict “SQL injection” in any cirucumstances. You validate the parameter values with your code. You write the code to ensure that only parameter values that you define as acceptable are used.
 
Tom

]]> By: jaimie http://itknowledgeexchange.techtarget.com/itanswers/passing-a-database-name-as-a-stored-procedure-parameter/#comment-111664 jaimie Mon, 01 Oct 2012 06:01:58 +0000 #comment-111664 How can we restrict the SQL injection in the above said description.

Jaimie El Rohi Nelaturi.

]]> By: mrdenny http://itknowledgeexchange.techtarget.com/itanswers/passing-a-database-name-as-a-stored-procedure-parameter/#comment-52269 mrdenny Wed, 12 Mar 2008 06:51:21 +0000 #comment-52269 Check out my SQL Server blog “SQL Server with Mr Denny” for more SQL Server information.

]]>