Dynamically executing code is security-sensitive
Rule description
- Dynamically executing code is security-sensitive
Non-compliant Code Example
-- Non-compliant code
USE master;
DECLARE @Id int;
EXEC ('USE AdventureWorks2012; SELECT BusinessEntityID, JobTitle FROM HumanResources.Employee WHERE Id = ''' + @Id + ''' ;');
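A compliant counterpart to the statement above, as an added example that is not part of the original rule page. The database, table and column names are taken from the non-compliant example; the sample value 42 and the `@TableName`, `@Quoted`, `@Sql` and `@EmployeeId` names are assumptions made for illustration.

```sql
-- Added example, not from the original rule page.
USE AdventureWorks2012;

DECLARE @Id int = 42;  -- constructed sample value

-- 1) Preferred: no dynamic execution. @Id is bound as a typed variable
--    and is never parsed as SQL text.
SELECT BusinessEntityID, JobTitle
FROM HumanResources.Employee
WHERE Id = @Id;

-- 2) When dynamic SQL is unavoidable, keep the statement text constant
--    and pass values as typed parameters through sp_executesql.
DECLARE @Sql nvarchar(max) =
    N'SELECT BusinessEntityID, JobTitle
      FROM HumanResources.Employee
      WHERE Id = @EmployeeId;';

EXEC sys.sp_executesql
    @Sql,
    N'@EmployeeId int',
    @EmployeeId = @Id;

-- 3) Identifiers cannot be passed as parameters. Resolve a supplied table
--    name against the catalog and quote it before building the statement.
DECLARE @TableName sysname = N'Employee';  -- hypothetical caller input
DECLARE @Quoted nvarchar(300);

SELECT @Quoted = QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
WHERE s.name = N'HumanResources'
  AND t.name = @TableName;

-- Stop if the name does not match an existing table in the schema.
IF @Quoted IS NULL
BEGIN
    RAISERROR(N'Unknown table name.', 16, 1);
    RETURN;
END;

SET @Sql = N'SELECT BusinessEntityID, JobTitle FROM ' + @Quoted
         + N' WHERE Id = @EmployeeId;';

EXEC sys.sp_executesql @Sql, N'@EmployeeId int', @EmployeeId = @Id;
```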