Invoke-SQLCmd considered harmful

I mentioned here┬áthat Invoke-SQLCmd (included in the SQLPS module for SQL Server) was susceptible to SQL-Injection attacks, but I haven’t demonstrated that or ever seen anyone show it. To do so, I’ll start with code out of the help for Invoke-SQLCmd. ┬áHere’s the code (taken from here) Notice that the parameters are encoded in a …

Continue reading ‘Invoke-SQLCmd considered harmful’ »

Why Adolib (and POSH_Ado)?

I’ve realized that in my explanations of Adolib and POSH_Ado, I left something important out. Why in the world am I spending all of this time and effort writing database access modules when there are already tools out there (SQLPS, for instance) which work. The simple answer is SQLPS is not good enough for several …

Continue reading ‘Why Adolib (and POSH_Ado)?’ »

PowerShell and MySQL : POSH_Ado_MySQL

Using PowerShell and MySQL together with POSH_Ado is just as easy as SQL Server. You’ll need the POSH_Ado and POSH_Ado_MySQL Modules, and use this command to get started: Once you’ve done that you’ll have the following functions at your disposal: New-MySQLCommand New-MySQLConnectionString New-MySQLCommand Invoke-MySQLCommand Invoke-MySQLQuery Invoke-MySQLStoredProcedure These functions work just like the ones for SQLServer …

Continue reading ‘PowerShell and MySQL : POSH_Ado_MySQL’ »