Is this SP safe to SQL Injection?

CREATE PROCEDURE [sp_Test] (
     @param nvarchar(Max)
) AS BEGIN

DECLARE @Output nvarchar(Max) = 
N’Select ‘ + @param

Select @output
Return

Intended Use

exec sp_test ‘5’

Returns “select 5”

Malicious Use

exec sp_test ‘5; drop database’

Returns(would be safe):
“select 5; drop database“

—-OR—-

Returns(not safe):
“select 5”
…but also actually dropping the database

MS SQL Server

Go to Source
Author: Donnie

Generate all combinations for variables and insert into temp table

0

I have one requirement there are 4 variables and i want all combinations of 4 variables and insert into temp table .

DECLARE StartDateTime DATETIME;
DECLARE Age INT; 
DECLARE Duration INT ;
DECLARE TotalDD INT;

CREATE TEMPORARY TABLE tempTable(
    Duration INT,
    TotalDD INT,
    Age INT,
    StartDateTime DATETIME,
   
);
SET Age = 16;
SET TotalDD = 14;
SET Duration = 30;
SET StartDateTime = CURDATE();

Excepted Result:

Duration age TotalDD StartDateTime
30 null null null
null 16 null null
30 null null null
30 16 null null
null null 14 20200622
30 null 14 null
30 16 null 20200622

……….. ………. so on

Go to Source
Author: user202