Due to circumstances with my institution, I ended up being the main database architect for our PowerApp. The creation itself was smooth, and incredibly fun to learn as I go (Yes, I was that new). I have one DB, with 4 tables, on Azure, which is hosted by my institutions IT department. I run Stored Procedures via Flow to update certain tables with values from other tables.
However, a friend of mine, who is much more knowledgable in SQL matters brought to my attention the possibility of SQL injection. Obviously, that got me rather worried. I can't seem to find concrete evidence whether PowerApps will allow SQL injection. I assume it wouldn't, but proof would be nice. I have actually managed to save a query into one of the fields in my DB when submitting it through my app. It was a harmless query, but it did appear in it's entirety in the DB field. However, it didn't run. Is this something that could be ran after it was sent to the DB?
Basically, I just need my fears assuaging over whether Azure SQL or PowerApps will allow SQL injection or not!