This is assuming that the stored procedure takes a VARCHAR or NVARCHAR parameter(s) AND uses these params to build a dynamic query. I think @JaredKarney meant that when you are using a stored procedure you are not building a dynamic sql statement. It's when you use dynamic sql statements that you are vulnerable to sql injection.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This is assuming that the stored procedure takes a VARCHAR or NVARCHAR parameter(s) AND uses these params to build a dynamic query. I think @JaredKarney meant that when you are using a stored procedure you are not building a dynamic sql statement. It's when you use dynamic sql statements that you are vulnerable to sql injection.