A stored procedure is an encapsulation of logic that can be called from an application (or run in SQL Management Studio) to protect your database from SQL injection.
This is not true. A stored procedure could have a flaw and be vulnerable to SQL injection. That's very easy to do.
I've updated the sections where I mentioned SQL Injection, as that is not something I am very familiar with. Thank you for the correction!
This is assuming that the stored procedure takes VARCHAR or NVARCHAR parameter(s) AND uses these params to build a dynamic query. I think @JaredKarney meant that when you are using a stored procedure you are not building a dynamic SQL statement. It's when you use dynamic SQL statements that you are vulnerable to SQL injection.
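The distinction drawn in the comments above, as an added T-SQL example (not code from the article or from the commenters): the same lookup written with concatenated dynamic SQL, with bound dynamic SQL, and with no dynamic SQL. The table and procedure names are hypothetical and the sample rows are constructed.

```sql
-- Constructed sample table; all object names here are hypothetical.
CREATE TABLE dbo.Customers (
    Id       INT IDENTITY PRIMARY KEY,
    LastName NVARCHAR(100) NOT NULL
);
INSERT INTO dbo.Customers (LastName) VALUES (N'Smith'), (N'O''Brien');
GO

-- Vulnerable pattern: the NVARCHAR parameter is concatenated into the
-- statement text, so its contents are parsed as SQL instead of data.
CREATE PROCEDURE dbo.FindCustomer_Concat
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName FROM dbo.Customers WHERE LastName = N'''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened dynamic SQL: the statement text is constant and the value is
-- passed to sp_executesql as a typed parameter, never spliced into the text.
CREATE PROCEDURE dbo.FindCustomer_Bound
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName FROM dbo.Customers WHERE LastName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END;
GO

-- Static SQL: no statement is built at run time, so the parameter can
-- only ever be compared as a value.
CREATE PROCEDURE dbo.FindCustomer_Static
    @LastName NVARCHAR(100)
AS
BEGIN
    SELECT Id, LastName FROM dbo.Customers WHERE LastName = @LastName;
END;
GO

-- A legitimate name containing an apostrophe is enough to tell them apart:
-- in the concatenated version the apostrophe ends the string literal early
-- and the rest of the value is parsed as SQL; the other two bind it as data.
EXEC dbo.FindCustomer_Concat @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Bound  @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Static @LastName = N'O''Brien';
```

When reviewing existing procedures, the things to search for are `EXEC (` or `sp_executesql` calls whose statement string is assembled with `+` from a parameter.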