SQL Server Stored Procedures

By Admin at 4 Nov 2014, 11:17 AM
  • Addressing Code Injection Risk

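    If you have a query that you want to execute often, you might want to make a stored procedure out of it. Stored procedures help to avoid SQL injection because the values supplied by the caller are passed as typed parameters instead of being concatenated into the query text.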

    SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

    Creating a procedure also means that the SQL script is logically separated from other parts of the application. This often helps in the maintenance of a project. To create a stored procedure, please do the following:


    1. Type “Create procedure” then provide the name of the procedure. (Note: if you are altering an existing procedure, please use the Alter keyword instead of Create.)
    2. Add the parameters that you are going to use (Note: These are in parentheses.)
    3. These are the variables that are to be used within the query.
    4. When you call the query, you must supply these variables.
    5. Add the keyword “as” after you close the parentheses for the parameters.
    6. Insert the SQL query.
    7. Run this query using F5 or the Execute Button.
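
The steps above, carried through as an added T-SQL example (not code from the original post). The table, procedure and parameter names and the sample rows are hypothetical, and the second procedure goes one step beyond the post to show how to keep values parameterized when a procedure has to build its SQL text.

```sql
-- Constructed sample table and rows (hypothetical names).
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL,
    City       NVARCHAR(50) NOT NULL
);
GO
INSERT INTO dbo.Customers (LastName, City)
VALUES (N'Smith', N'Leeds'), (N'O''Brien', N'Cork');
GO

-- Steps 1-6: procedure name, parameters in parentheses, AS, then the query.
CREATE PROCEDURE dbo.GetCustomersByLastName
(
    @LastName NVARCHAR(50)
)
AS
BEGIN
    SET NOCOUNT ON;
    -- @LastName is compared as a typed value; it is never parsed as SQL text.
    SELECT CustomerId, LastName, City
    FROM dbo.Customers
    WHERE LastName = @LastName;
END;
GO

-- Calling the procedure: the parameter must be supplied.
EXEC dbo.GetCustomersByLastName @LastName = N'O''Brien';
-- Constructed input with quotes and SQL keywords: handled as one literal name.
EXEC dbo.GetCustomersByLastName @LastName = N'Smith'' OR ''1''=''1';
GO

-- When SQL text must be built inside a procedure, pass values through
-- sp_executesql parameters; concatenating them would reintroduce injection.
CREATE PROCEDURE dbo.GetCustomersByCity
(
    @City NVARCHAR(50)
)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(200) =
        N'SELECT CustomerId, LastName, City FROM dbo.Customers WHERE City = @c;';
    EXEC sys.sp_executesql @sql, N'@c NVARCHAR(50)', @c = @City;
END;
GO
EXEC dbo.GetCustomersByCity @City = N'Cork';
```

`GO` is the batch separator used by SQL Server Management Studio and sqlcmd; each `CREATE PROCEDURE` has to be the first statement in its batch.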


