From a security point of view, is accepting wildcards like "%" in
input parameters of stored procedures against any best practices?
As an example, if a user defined function uses "ProductName LIKE
@ProductName" in WHERE clause of a select statement, and a stored
procedure uses the user defined function while passing @ProductName
input parameter to the user defined function, is there any security...
-
Guest started a topic Accepting wildcards like % in input parameters of stored procedures in SQL Server
-
Using wildcards in query input
In a query I have put the following criteria in a field:
[enter last name]
Now I would like the query to use this user input to search with wildcards.
So, if he enters john, in fact the query should search like:
*john*
Is that possible?
Thanks,
john...