GitHub

[Bug]: Crash in dynamic sql using sql_variant parameter

There is a crash when using dynamic sql with sql_variant parameters on the second execution of the dynamic SQL in a batch. exec sp_executesql N'select @P union select @P', N'@P sql_variant', 1; exec ...
IEEE

Research of SQL injection attack and prevention technology

Abstract: SQL injection attack is one of the most serious security vulnerabilities in Web application system, most of these vulnerabilities are caused by lack of input validation and SQL parameters ...
Microsoft

Call SQL Server stored procedures directly in Power Fx (Preview)

We are excited to announce that you can now directly call SQL Server stored procedures in Power Fx. You no longer need to call a Power Automate Flow to use a stored procedure. This feature is in ...
GitHub

How to fill in parameters with Mybatis dynamic SQL through the Mybatis interceptor

encountered a problem using mybatis dynamic SQL. The mybatis interceptor I wrote couldn't obtain the parameters for value passing for data filling, and the invoice. getArgs() [1] parameter layer ...
IEEE

Summary of Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

Abstract: In a recent work [1], we present an extended and enhanced gray-box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. It proposes novel attack ...
Microsoft

Azure Active Directory authentication for SQL Server 2022

For more details, see Azure Active Directory (Azure AD) authentication for SQL Server overview. The new authentication mode using Azure AD is based on the central authentication repository provided ...