by eurasiantiger
1336 days ago
It is only safe for the SQL server. An injection attack could still be targeting a cache (to poison it with e.g. a malicious script), the browser (to steal data via XSS/CSRF) or the user (show an error message telling them to contact a malicious number).
> "You can stick any user input into a database query and you'll be fine"
Besides which, pretend SQL Server is a glorified cache, the result is the same.
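
An added example, not part of the comment above: a bound parameter keeps the value out of the SQL text, but the stored string comes back unchanged and still has to be encoded for the HTML sink. The `comments` table, the function names and the sample input are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input: SQL metacharacters plus HTML markup.
UNTRUSTED = "x'); DROP TABLE comments;--<script>alert(1)</script>"


def store_and_fetch(value: str) -> str:
    """Store value with a bound parameter and read it back unchanged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    # Bound parameter: the driver passes the value as data, never as SQL text.
    conn.execute("INSERT INTO comments (body) VALUES (?)", (value,))
    conn.commit()
    # The SQL layer is intact: the table still exists and holds one row.
    (count,) = conn.execute("SELECT COUNT(*) FROM comments").fetchone()
    if count != 1:
        raise RuntimeError("unexpected row count")
    (body,) = conn.execute("SELECT body FROM comments WHERE id = 1").fetchone()
    conn.close()
    return body


def render_unsafe(body: str) -> str:
    """Interpolates stored data straight into HTML: the markup stays live."""
    return f"<p>{body}</p>"


def render_safe(body: str) -> str:
    """Encodes for the HTML sink, so a browser displays the value as text."""
    return f"<p>{html.escape(body, quote=True)}</p>"


if __name__ == "__main__":
    stored = store_and_fetch(UNTRUSTED)
    print("stored verbatim:", stored == UNTRUSTED)
    print("unsafe render:  ", render_unsafe(stored))
    print("safe render:    ", render_safe(stored))
```

The same rule applies to every other consumer of the stored value (caches, templates, error messages): encode or validate for that sink, not just for the database.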