Home
Help
Register
Log in

Search

  
   Active Threads  

You are here: Home > FAQ > Generated code FAQ> Is the generated code vulnerable to SQL injection attacks?
 

Pages: 1
Generated code FAQ
Is the generated code vulnerable to SQL injection attacks? 		Page:1/1 

  Print all messages in this thread  
Poster Message
Aglaia
LLBLGen Pro Team



Location:
Scheveningen, The Netherlands
Joined on:
07-Sep-2003 21:16:00
Posted:
533 posts
# Posted on: 21-Aug-2007 13:18:56.  
Question:
LLBLGen Pro generates SQL on the fly and doesn't use stored procedures to do its database operations. Aren't these queries vulnerable for SQL injection attacks?

Solution:
All SQL generated by LLBLGen Pro is parameterized. This means that no values are embedded into the SQL query being generated. Due to the parameters, a value can never influence the query being executed, as the value will never be part of the query itself, but just a value of a parameter. The generated code is therefore not vulnerable for SQL injection attacks.
Aglaia Kuipers, The LLBLGen Pro Team

Join the LLBLGen Pro support team!  		Top
Pages: 1  

Powered by HnD ©2002-2007 Solutions Design
HnD uses LLBLGen Pro

Version: 2.1.12172008 Final.