Anonymous Monk has asked for the
wisdom of the Perl Monks concerning the following question:
do I have to validate all input before it gets into the stored procedure? (you can't have sql injection when using a sp,can you?)
The sp is not using dynamic sql but just uses the input as parameters to a WHERE clause.
For example if a parameter is of string type ie User_Name, should I validate it , ie check it for length and special characters, before it gets to the sp or is that not necessary?