Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


During the Microsoft Auto Code Review (OACR) check for SQL replication component to validate if there is any code that's vulnerable for SQL injection attacks, you receive an error message that resembles the following:

F:\ds_maindev1\Sql\Sqlrepl\\ReplCmdDataReader.cs (1004): OACR warning 62100: The query string passed to 'SqlCommand.CommandText.set(string)' in 'ReplCmdsReader.sp_printstatement(string)' could contain the following variables 'strCmd'. If any of these variables could come from user input, consider using a stored procedure or a parameterized SQL query instead of building the query with string concatenations. (run 'oacr fxcop SQL:amd64chk /target asm_tranrepl.dll' for details)

FUNCTION: Microsoft.SqlServer.Replication.ReplCmdsReader (-1)


This issue is fixed in the following cumulative updates for SQL Server:

About cumulative updates for SQL Server:

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!