
SQL Injection through PowerApps

Good morning all,


Due to circumstances with my institution, I ended up being the main database architect for our PowerApp. The creation itself was smooth, and incredibly fun to learn as I go (Yes, I was that new). I have one DB, with 4 tables, on Azure, which is hosted by my institution's IT department. I run Stored Procedures via Flow to update certain tables with values from other tables.


However, a friend of mine, who is much more knowledgeable in SQL matters, brought to my attention the possibility of SQL injection. Obviously, that got me rather worried. I can't seem to find concrete evidence whether PowerApps will allow SQL injection. I assume it wouldn't, but proof would be nice. I have actually managed to save a query into one of the fields in my DB when submitting it through my app. It was a harmless query, but it did appear in its entirety in the DB field. However, it didn't run. Is this something that could be run after it was sent to the DB?


Basically, I just need my fears assuaging over whether Azure SQL or PowerApps will allow SQL injection or not!


Does anyone have any information on this please?
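
Added example, not part of the original thread: a sketch of the situation the question describes, where SQL text saved into a field stays inert as data and only executes if a later step builds a statement out of it by string concatenation. It assumes SQLite (Python's `sqlite3`) as a stand-in for Azure SQL; the table names, function names and sample text are constructed for illustration.

```python
import sqlite3

# Constructed sample: SQL-looking text typed into an app field.
SUBMITTED = "x'); INSERT INTO audit VALUES ('ran as code'); --"

def make_db():
    """Fresh in-memory DB with the submitted text stored via a bound parameter."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE submissions(id INTEGER PRIMARY KEY, note TEXT);
        CREATE TABLE summary(id INTEGER PRIMARY KEY, note TEXT);
        CREATE TABLE audit(event TEXT);
        INSERT INTO audit VALUES ('created');
    """)
    # Bound parameter: the text is stored as a value and never parsed as SQL,
    # so it shows up in the field in its entirety and nothing runs.
    db.execute("INSERT INTO submissions(note) VALUES (?)", (SUBMITTED,))
    return db

def copy_static(db):
    """Hardened update step: a fixed statement moves the value as data."""
    db.execute("INSERT INTO summary(note) SELECT note FROM submissions")

def copy_dynamic(db):
    """Vulnerable update step: SQL text is built from the stored value,
    so the stored text is parsed as code (second-order injection)."""
    for (note,) in db.execute("SELECT note FROM submissions").fetchall():
        db.executescript("INSERT INTO summary(note) VALUES ('" + note + "');")

def audit_rows(db):
    """Number of rows in audit; it changes only if the stored text executed."""
    return db.execute("SELECT COUNT(*) FROM audit").fetchone()[0]

if __name__ == "__main__":
    safe, unsafe = make_db(), make_db()
    copy_static(safe)
    copy_dynamic(unsafe)
    print("static copy, audit rows:", audit_rows(safe))
    print("dynamic copy, audit rows:", audit_rows(unsafe))
```

In T-SQL the same split is between a stored procedure made of static statements (or `sp_executesql` with parameters) and one that concatenates column values into a string passed to `EXEC`.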
