Aglaia
LLBLGen Pro Team
Location: Scheveningen, The Netherlands
Joined on: 07-Sep-2003 21:16:00
Posted: 533 posts
Question: LLBLGen Pro generates SQL on the fly and doesn't use stored procedures to do its database operations. Aren't these queries vulnerable to SQL injection attacks?
Solution: All SQL generated by LLBLGen Pro is parameterized. This means that no values are embedded into the SQL query being generated. Due to the parameters, a value can never influence the query being executed, as the value will never be part of the query itself, but just a value of a parameter. The generated code is therefore not vulnerable to SQL injection attacks.
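To make the distinction in the answer concrete, here is an added example (not LLBLGen Pro's own code, and not part of the original post) that runs the same lookup both ways against a small in-memory SQLite table. The table, its rows and the test values are constructed for this illustration. The concatenated version lets the value become part of the SQL text, so a legitimate apostrophe breaks the statement and a crafted value rewrites the WHERE clause; the parameterized version keeps the statement fixed and passes the value separately, which is the property the answer relies on.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny Customer table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Customer ("
        "CustomerId INTEGER PRIMARY KEY, CompanyName TEXT, Country TEXT)"
    )
    conn.executemany(
        "INSERT INTO Customer (CompanyName, Country) VALUES (?, ?)",
        [
            ("Alfreds Futterkiste", "Germany"),
            ("O'Reilly Imports", "Ireland"),
            ("Wolski Zajazd", "Poland"),
        ],
    )
    conn.commit()
    return conn


def find_by_country_concat(conn, country):
    """Value embedded in the SQL text: the value can alter the query's structure."""
    sql = "SELECT CompanyName FROM Customer WHERE Country = '" + country + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_country_param(conn, country):
    """Parameterized: the SQL text never changes; the value travels as a parameter."""
    sql = "SELECT CompanyName FROM Customer WHERE Country = ?"
    return [row[0] for row in conn.execute(sql, (country,))]


def demonstrate():
    """Run three inputs through both variants and report what each one did."""
    conn = make_db()
    results = {}

    # 1. An ordinary value behaves the same either way.
    results["plain_concat"] = find_by_country_concat(conn, "Ireland")
    results["plain_param"] = find_by_country_param(conn, "Ireland")

    # 2. A legitimate value containing an apostrophe: the concatenated
    #    statement becomes malformed, the parameterized one simply finds no row.
    try:
        find_by_country_concat(conn, "Cote d'Ivoire")
        results["quote_concat"] = "ok"
    except sqlite3.OperationalError:
        results["quote_concat"] = "syntax error"
    results["quote_param"] = find_by_country_param(conn, "Cote d'Ivoire")

    # 3. The textbook tautology: concatenation turns it into part of the WHERE
    #    clause and returns every row; as a parameter it is just a country name
    #    that matches nothing.
    crafted = "' OR '1'='1"
    results["crafted_concat"] = find_by_country_concat(conn, crafted)
    results["crafted_param"] = find_by_country_param(conn, crafted)
    return results


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key:15s} -> {value}")
```

Case 2 is worth noting for defenders: with string concatenation the apostrophe problem shows up as a crash long before anyone thinks about attacks, and the usual "fix" of escaping quotes by hand is what parameterization replaces. The driver sends the statement and the parameter values separately, so the database never parses the value as SQL regardless of what it contains.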