SQL Injection EXECUTE\EXEC\SP_EXECUTE : Code Review

This review is around the misue of EXECUTE\EXEC\SP_EXECUTE in stored procedures. To find the at risk stored procedures run the query below: SELECT DISTINCT o.name AS Object_Name, o.type_desc FROM sys.sql_modules m INNER JOIN sys.objects o ON m.object_id = o.object_id WHERE m.definition Like ‘%exec%’; Then scan the contents of anything returned. 95% will be eliminated with […]