Is it possible to sql inject this code?

From: "Dixon" <vijaydixon@xxxxxxxxx>
Date: 19 Jan 2006 01:18:48 -0800

Is it possible to sql inject this code?
-----------------------------------------------------------------------------------------------------------------------------------------------
ALTER PROCEDURE Sp_Login
(@username as nvarchar(100),@password as nvarchar(100))
AS
select count (*)from Tablename where Username=@username and
Password=@password

RETURN
-----------------------------------------------------------------------------------------------------------------------------------------------

.

Prev by Date: Re: Decrypting from replicated table
Next by Date: Is it possible to sql inject this code?
Previous by thread: Re: SQLSAC command line parameters?
Next by thread: Is it possible to sql inject this code?
Index(es):
- Date
- Thread

Relevant Pages

Is it possible to sql inject this code?
... ALTER PROCEDURE Sp_Login ... (@username as nvarchar(100),@password as nvarchar) ... Prev by Date: ...
(microsoft.public.sqlserver.security)
Re: Is it possible to sql inject this code?
... > Is it possible to sql inject this code? ... > ALTER PROCEDURE Sp_Login ... Prev by Date: ...
(microsoft.public.sqlserver.security)
Re: max min question
... > say username is TOM ... SELECT max,min,sumFROM tablename ... to use a query to normalize this data. ... "qNormalizedData" using this sql (it's a union query): ...
(microsoft.public.inetserver.asp.db)
Re: Checking for value in a table
... Dim MyDB As DAO.DataBase, MyRec As Dao.RecordSet ... Set MyRec = MyDB.OpenRecordSet("Select * From TableName Where ... > the text value "Username" then return the the value in the second column ...
(microsoft.public.access.modulesdaovba)
Re: max min question
... Instead of one row for each username, there would be 6 for each, thus making ... > Your table design is not normalized, making this a much more difficult ... > SELECT max,min,sumFROM tablename ... > union all ...
(microsoft.public.inetserver.asp.db)