Code QL not finding sql server injection attack

I created a sample SQL Server injection attack, and CodeQL is not recognizing the vulnerability. If I do the same thing for a PostgreSQL database, it recognizes the vulnerability.

No Error found:

![Image](https://github.com/user-attachments/assets/930d9287-35c8-4903-b7bb-6e8f5019eb85)

Error found:

![Image](https://github.com/user-attachments/assets/a2aad825-342f-4e82-80ca-4674aa99daf9)

Any ideas on why this would be the case?




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Code QL not finding sql server injection attack #19855

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Code QL not finding sql server injection attack #19855

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions