To fight against SQL injection risks, I would like to check for hardcoded values (strings, dates, booleans, numerics) in SQL statements using SQL Server Profiler 2012. The problem is that there are too many statements to read them one by one.

Do you see a way to filter all my statements and get only those with hardcoded values?

NLemay
  • I doubt it's a good idea. To fight against SQL injection risks you have to focus on formatting your queries. – Your Common Sense Apr 10 '14 at 14:24
  • I totally agree that this is the best way to get rid of SQL Injection. But for now I don't have enough time (my app is huge). – NLemay Apr 10 '14 at 14:28

0 Answers
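One way to do the filtering asked about above, as an added example that is not part of the original thread: a heuristic scan over the TextData column of an exported trace that reports only statements comparing against a literal. It assumes the column has been exported as plain strings; the function names and the sample rows are constructed for illustration.

```python
import re

# T-SQL literal: '...' or N'...' ('' is an escaped quote), or a number.
# Dates are written as strings and bit (boolean) values as 0/1.
LITERAL = r"(?:N?'(?:[^']|'')*'|-?\b\d+(?:\.\d+)?\b)"
# A literal used as the right-hand side of a comparison, LIKE or IN (.
COMPARED = re.compile(
    r"(?:<>|!=|<=|>=|=|<|>|\bLIKE\b|\bIN\s*\()\s*(" + LITERAL + ")",
    re.IGNORECASE,
)
# Parameterized calls are traced as:
#   exec sp_executesql N'<statement>', N'<declarations>', @p = <value>
SP_EXECUTESQL = re.compile(
    r"^\s*exec(?:ute)?\s+(?:sys\.)?sp_executesql\s+N?'((?:[^']|'')*)'",
    re.IGNORECASE,
)

def statement_text(text_data):
    """Return the statement itself, unwrapping an sp_executesql call."""
    m = SP_EXECUTESQL.match(text_data)
    return m.group(1).replace("''", "'") if m else text_data

def hardcoded_values(text_data):
    """List the literals compared against in one traced statement."""
    return COMPARED.findall(statement_text(text_data))

def flag(rows):
    """Keep only the rows containing at least one hardcoded value."""
    return [(r, v) for r in rows if (v := hardcoded_values(r))]

# Constructed sample rows, not taken from a real trace.
SAMPLE = [
    "SELECT * FROM Users WHERE Name = 'alice' AND Active = 1",
    "exec sp_executesql N'SELECT * FROM Users WHERE Name = @name', "
    "N'@name nvarchar(50)', @name = N'alice'",
    "exec sp_executesql N'SELECT * FROM Orders WHERE CustomerId = @p0 "
    "AND Status = ''open''', N'@p0 int', @p0 = 17",
    "SELECT * FROM Orders WHERE Created >= '2014-04-01' AND Total > 99.5",
    "SELECT TOP 10 Id FROM Users WHERE Id = @id",
]

if __name__ == "__main__":
    for row, values in flag(SAMPLE):
        print(values, "<-", row)
```

A hit is a lead for code review, not proof of injection: the literal may be a constant the developer wrote rather than concatenated input. The parameter values passed to `sp_executesql` are deliberately ignored, while literals inside its statement text are still reported.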