On Tue, 4 Nov 2003 16:53:22 -0800, "Stan Prosedur" <St**@Prosedur.com>
wrote:
Is SQL injection an issue with SP's?
Sure. Anytime a SP accepts a parameter and the parameter can be
entered as an injection routine, it's a factor. The normal SQL
injection fixes work as well, escaping single quotes, etc.
Jeff