Symptoms

During the Microsoft Auto Code Review (OACR) check for SQL replication component to validate if there is any code that's vulnerable for SQL injection attacks, you receive an error message that resembles the following:

F:\ds_maindev1\Sql\Sqlrepl\xpreplclr.net\ReplCmdDataReader.cs (1004): OACR warning 62100: The query string passed to 'SqlCommand.CommandText.set(string)' in 'ReplCmdsReader.sp_printstatement(string)' could contain the following variables 'strCmd'. If any of these variables could come from user input, consider using a stored procedure or a parameterized SQL query instead of building the query with string concatenations. (run 'oacr fxcop SQL:amd64chk /target asm_tranrepl.dll' for details)

FUNCTION: Microsoft.SqlServer.Replication.ReplCmdsReader (-1)

Resolution

This issue is fixed in the following cumulative updates for SQL Server:

About cumulative updates for SQL Server:

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×