- \item\fail{} Verify that all SQL queries, HQL, OSQL, NOSQL and stored
- procedures, calling of stored procedures are protected by the
- use of prepared statements or query parameterization, and
- thus not susceptible to SQL injection.
-
- This is not the case. For example in \srcref{users.php}{45}. However,
- in some cases prepared statements are used, such as is
- \srcref{users.php}{145}.
+ \item\fail{} Verify that all \SQL{} queries, \code{HQL}, \code{OSQL},
+ \code{NOSQL} and stored procedures, calling of stored procedures are
+ protected by the use of prepared statements or query parameterization,
+ and thus not susceptible to \SQL{} injection.
+
+ \begin{result}
+ This is not the case. For example in \srcref{classes/users.php}{45}.
+ However, in some cases prepared statements are used, such as is
+ \srcref{classes/users.php}{145}.
+ \end{result}
+
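Review bot: in the new result block, "such as is \srcref{classes/users.php}{145}" carries over the typo from the removed text and should read "such as in". "For example in \srcref{classes/users.php}{45}." is also a sentence fragment and reads better joined to the sentence before it, e.g. "This is not the case, for example in \srcref{classes/users.php}{45}." Because the item is marked \fail{}, it would help to state which query at line 45 is built without a prepared statement, so the finding can be checked without opening the file. The \srcref path changes here from users.php to classes/users.php; any other \srcref entries in the report that still use the bare users.php path should get the same prefix so the references stay consistent.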