MY SQL QUESTION

  • Assignment Requirements

    Microsoft SQL Server Express and SQL Server Management Studio (SSMS) MUST be installed to complete this assignment.

    • Compose your assignment in a Word document, and be sure to identify yourself, your class, and the assignment unit at the top of your paper.
    • Embed the screenshots of your SQL statements and confirmatory output into the Word document.
    • First, navigate to the Academic Tools area of this course and select Library, then Required Readings to review the Unit 5 videos covering facets associated with database security. It is very important that you watch the Unit 5 videos before completing the assignment.

    You must have SQL Server Express and SQL Server Management Studio (SSMS) installed to perform this assignment. The sample database for this course is called BikeStores. Download the database design diagram below.

    BikeStores Database Design Diagram

    Use the BikeStores database design diagram for your stored procedure assessment.

    • Please copy each SQL statement into your Microsoft® Word® document.
    • Below that, enter a screenshot of the execution of the SQL showing the code and the resulting output.
    • Below that, enter text explaining the SQL statement and outcome. What has occurred? Was there an adverse impact from the SQL statement execution?

    Part 1: Dynamic SQL Statements Without Binding

    Execute the individual SQL statements contained within the following text file in a Microsoft SSMS query window:

    BikeStores SQL Injection Commands

    After executing these statements, explain why the GetUser stored procedure is problematic. Did any unauthorized data modifications occur? Did data corruption occur? Were any tables improperly dropped from the database?

    Part 2: Dynamic SQL Statements With Binding

    Based on the Part 1 results, the GetUser stored procedure has been revised and replaced with a stored procedure called GetUserWithBind. Execute the individual SQL statements contained within the following text file in a Microsoft SSMS query window:

    BikeStores SQL Injection Commands With Binding

    After executing these statements, explain whether the GetUserWithBind stored procedure has solved the security issues uncovered in Part 1. If the security issues have been resolved, explain how it was accomplished. Perform research and briefly describe the binding parameter concept.
Below is a table contrasting the use of “execute” versus “execute sp_executesql” in Microsoft SQL Server.

| EXEC or EXECUTE                                      | EXEC sp_executesql                                                                               |
|------------------------------------------------------|--------------------------------------------------------------------------------------------------|
| Parameterization is not possible                     | Parameterization is possible                                                                     |
| Risk of SQL injection is high                        | Risk of SQL injection is lower                                                                   |
| An EXEC call wastes a lot of space in the plan cache | It gets cached like a stored procedure without wasting white spaces if parameterization is used |
| It does not force a plan to be cached                | It forces the plan to be cached at first execution                                               |
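
The contrast in the table, as an added T-SQL example that is not part of the assignment files and is not the course's GetUser or GetUserWithBind code. The temporary table #demo_users, the two temporary procedures and the sample name are constructed for illustration.

```sql
-- Constructed sample data (not the BikeStores schema).
CREATE TABLE #demo_users (user_id INT PRIMARY KEY, user_name NVARCHAR(50) NOT NULL);
INSERT INTO #demo_users (user_id, user_name) VALUES (1, N'alice'), (2, N'O''Brien');
GO

-- Hypothetical "without binding" form: the caller's value is pasted into the
-- statement text, so the server parses the value as part of the T-SQL itself.
CREATE PROCEDURE #GetUserConcat_demo @name NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT user_id, user_name FROM #demo_users WHERE user_name = '''
        + @name + N'''';
    PRINT @sql;      -- statement text changes with every input value
    EXEC (@sql);
END;
GO

-- Hypothetical "with binding" form: the statement text is fixed and the value
-- is passed to sp_executesql as a typed parameter, so it is only ever data.
CREATE PROCEDURE #GetUserBound_demo @name NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT user_id, user_name FROM #demo_users WHERE user_name = @p_name';
    PRINT @sql;      -- identical text for every input value
    EXEC sp_executesql @sql, N'@p_name NVARCHAR(50)', @p_name = @name;
END;
GO

-- Bound version: the embedded quote is matched literally; row 2 is returned.
EXEC #GetUserBound_demo @name = N'O''Brien';

-- Concatenated version: the same value ends the string literal early, so the
-- generated statement no longer parses. The input has altered the code.
BEGIN TRY
    EXEC #GetUserConcat_demo @name = N'O''Brien';
END TRY
BEGIN CATCH
    PRINT N'Concatenated form failed: ' + ERROR_MESSAGE();
END CATCH;
```

Comparing the two PRINT outputs in the SSMS Messages tab shows the point of binding: the bound statement text never contains the input, which is also why its plan can be reused across calls.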
