Symptoms

During the Microsoft Auto Code Review (OACR) check for SQL replication component to validate if there is any code that's vulnerable for SQL injection attacks, you receive an error message that resembles the following:

F:\ds_maindev1\Sql\Sqlrepl\xpreplclr.net\ReplCmdDataReader.cs (1004): OACR warning 62100: The query string passed to 'SqlCommand.CommandText.set(string)' in 'ReplCmdsReader.sp_printstatement(string)' could contain the following variables 'strCmd'. If any of these variables could come from user input, consider using a stored procedure or a parameterized SQL query instead of building the query with string concatenations. (run 'oacr fxcop SQL:amd64chk /target asm_tranrepl.dll' for details)

FUNCTION: Microsoft.SqlServer.Replication.ReplCmdsReader (-1)

Resolution

This issue is fixed in the following cumulative updates for SQL Server:

About cumulative updates for SQL Server:

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.