How does use of sp_executesql with parameters protect against SQL injection? – Database …

Because the dynamic code uses parameters rather than injecting the constants into the code, it is not exposed to SQL injection attacks.

Related:

  • No Related Posts

Leave a Reply