The examples were run against a copy of the Adventure Works database.
For the Second Order Demo you need the following table added to the Adventure Works database:
CREATE TABLE [dbo].[FavouriteSearch](
[id] [int] IDENTITY(1,1) NOT NULL,
[name] [nvarchar](128) NOT NULL,
[searchTerm] [nvarchar](1024) NOT NULL
) ON [PRIMARY]
The slide deck is available for download in PDF format.
During the talk I mentioned a lesson from history on why firewalls are not enough.
I also showed XKCD’s famous “Bobby Tables” cartoon, and also a link to further information on dynamic SQL in Stored Procedures.
More information about the badly displayed error messages can be found amongst two blog posts: What not to develop, and a follow up some months later.
I wrote a fuller article on SQL Injection Attacks that you can read here although it is a few years old now, it is still relevant given that SQL Injection Attacks remain at the top of the OWASP list of vulnerabilities.