Powershell invoke-sqlcmd should support parameterized queries - by KevinMarquette

Status : 


Sign in
to vote
ID 2605901 Comments
Status Active Workarounds
Type Suggestion Repros 0
Opened 4/18/2016 1:09:32 PM
Access Restriction Public


Invoke-SQLCmd should support parameterized queries and calling of stored procedures. Right now the only way to do it is to manually craft valid TSQL that does the  parameterization. It is a advanced TSQL syntax that is generally not understood by the general Powershell admin.

I am growing increasingly concerned with widespread use of concatenated SQL statements in Powershell scripts as a source of SQL injection.  

Sign in to post a comment.
Posted by Joel 'Jaykul' Bennett on 9/14/2016 at 11:23 AM
Dupe of an ancient request ...
Posted by Microsoft on 6/29/2016 at 8:31 PM
Hi Kevmar,
Thanks for the feedback.

It is indeed a lovely suggestion. I'm adding it to my backlog...