Wednesday, February 9, 2011

ATI Radeon HD 5970 Review: Dual-GPU Graphics


ATI revealed its latest-generation Radeon 5000 graphics family last September, when we got the chance to review the ATI Radeon HD 5870, and what a treat that was.
In a few tests the single-GPU Radeon HD 5870 was able to outgun the mighty GeForce GTX 295, while in most it managed to match or improve upon the Radeon HD 4870 X2. As you are likely aware, both of these products carry dual GPUs, which bring a number of implications, not to mention bigger price tags.
Looking forward we knew Nvidia would have no immediate response to the new Radeons, while on the other hand ATI was not done unleashing its full series of products. Subsequently we looked at two more products positioned below the flagship HD 5870: the slightly cut-down Radeon HD 5850 and the mainstream-aimed HD 5770.


From left to right: Radeon HD 5770, HD 5850, HD 5870, and HD 5970.

But as we discussed in our preliminary Radeon 5870 review, on the horizon was also a follow-up to the Radeon HD 4870 X2, code-named "Hemlock XT", which in essence would put together a pair of Radeon HD 5870 GPUs on a single PCB.
Today AMD is officially unveiling the Hemlock as the new ATI Radeon HD 5970, hoping to expand its current dominance in single-GPU performance with the fastest single-slot graphics card on the market -- a title that until today was reserved for Nvidia's dual-GPU GeForce GTX 295.
The Radeon HD 5970 looks to be well suited for the job. The GPUs used in this card use exactly the same configuration found on the Radeon HD 5870, while core and memory frequencies match those of the Radeon HD 5850. This provides the HD 5970 with an unmatched memory bandwidth of 256GB/s.
All this horsepower will come at a hefty price, as AMD expects to charge as much as $600 for it. This is a bit hard to swallow, but all things considered it's about where we expected it to stand among the rest of high-end graphics offerings. 



Full exposure: A "naked" Radeon HD 5970 graphics card.

The $400 Radeon HD 5870 is still sold out virtually everywhere due to extreme shortages. The Radeon HD 5850 version still costs $300, meaning that a pair of them would cost the same amount as a single Radeon HD 5970, and we do not expect the performance to be nearly as good. On the other side of the equation, Nvidia's top performer, the GeForce GTX 295 is selling for around $500. 

As we see it, only extreme users looking for the best possible gaming experience - or the bragging rights attached to the label - will find the Radeon HD 5970 to make complete sense. 

Knowing this is the 5970's intended market, AMD has stamped a big "unlocked" label over the card in our press kit. Perhaps more marketing buzz than actual functionality, the Radeon HD 5970 allows you to jack core and memory frequencies as high as you like -- or at least as high as they will go without compromising stability. This in itself is far from exciting news as there's been software available to do just that for ages.
The most interesting part should come from the ability to adjust voltages and thus increase the card's overclocking room, something we'll be checking in detail next.

Nvidia GeForce GTX 260/280 Review

Over a year and a half – that’s how long the GeForce 8800 GTX remained in the position of what could be called Nvidia’s high-end GPU. Oh of course, six months after its release and – just a coincidence – just before the arrival of the R600, we did get an 8800 Ultra with slightly higher clock speeds, but it was nothing revolutionary. Then two and a half months ago, the arrival of the 9800GTX awakened hopes of substantial performance increases, but in the end the card offered only limited gains over the good old GTX, and was behind the Ultra version. For owners of these cards to be really happy with their investment, it was high time for Nvidia to offer more than a few extra megahertz or to rely on pairing two GPUs on the same card.


Finally Nvidia has heard our pleas: The GTX 280 is the first real reworking of the G8x architecture. And, yes, breaking with tradition, "GTX" is a prefix for this new architecture. Now we know the company’s modus operandi: Introduce a new architecture on a proven manufacturing process. Due to the often very high number of transistors, the chip is expensive to produce and the cards that use it remain expensive, but it stakes out the territory. Then during the ensuing years, Nvidia brings its architecture to all segments of the range using a finer process, but one less optimized for high clock speeds. Finally, when the new process is under control, Nvidia moves it into the high end, which then becomes much more affordable. We saw it with the G70/G71 and the G80/G92, and now history repeats itself with the GT200 – a true killer with 1.4 billion transistors engraved at 0.65 µm.

Saturday, February 5, 2011

The Types of Computer Mice

Computer mice come in a number of varieties. You can find a computer mouse for just about any use. To figure out what kind of mouse would work best with your PC, you need to know your mouse options:
  • Mechanical mouse: Houses a hard rubber ball that rolls as the mouse is moved. Sensors inside the mouse body detect the movement and translate it into information that the computer interprets.
  • Optical mouse: Uses an LED sensor to detect tabletop movement and then sends off that information to the computer for merry munching.
  • Infrared (IR) or radio frequency cordless mouse: With both these types, the mouse relays a signal to a base station wired to the computer's mouse port. The cordless mouse requires power, which comes in the form of batteries.
  • A mouse with many buttons: The extra buttons can be programmed to do specific things, such as navigate the Web or turn pages when you’re reading a document. The typical button-ified mouse has about five buttons.

  • Trackball mouse: Like an upside-down mouse. Rather than roll the mouse around, you use your thumb or index finger to roll a ball on top of the mouse. The whole contraption stays stationary, so it doesn’t need a lot of room, and its cord never gets tangled.
  • Stylus mouse: Another mouse mutation enjoyed by the artistic type is the stylus mouse, which looks like a pen and draws on a special pad.
  • Cordless 3-D mouse: This kind of mouse can be pointed at the computer screen like a TV remote.

Top Five Budget Laptops 2011

Are you thinking of buying a budget laptop to save money? Well, you've come to the right place!
I'm sure you know that buying a budget laptop can be tricky. How do you buy a laptop that has the minimal features you want and yet does not burn a hole in your pocket?
Well, it turns out that many laptop manufacturers target this market segment, so you have a huge variety of models to choose from.
Typically, a budget range laptop should be priced below $850. They tend to trade off some hardware or software features, which reduces the overall price.
I've written this article to help you sift out the top 5 budget laptops in the market. So let's get started right away ...

Toshiba Satellite A215-S4747
Toshiba has long manufactured laptops and they have a lot of budget models. I find the Toshiba Satellite A215-S4747 to be one of the best, with its AMD based dual core CPU, 1 GB of RAM and a generous 200GB hard drive. If you have some spare cash, it wouldn't hurt to upgrade the RAM to 2GB.
Sony VGN-NR160E/S
The Sony VGN-NR160E/S is a surprising entry in this list. The reason being that Sony is not usually considered a 'budget' laptop manufacturer. The VGN-NR160E/S is an exception. It contains an Intel Core 2 Duo CPU, 1 GB of RAM and a sizable 160GB hard drive. Highly recommended as it is a brand name machine at a very good price.

Gateway M-6823
The Gateway M-6823 is an exclusive model that has recently been launched. It uses an Intel Core 2 Duo processor, 1 GB of RAM and a whopping 250GB hard drive. What's interesting is that you also get a LabelFlash drive used for burning labels to DVDs and CDs. Unfortunately, it is not easy to find label media for the drive. On the whole, it is still a great laptop.

HP Pavilion dv6605us
The HP Pavilion dv6605us has many of the same features you saw in the other laptops. However, it is a budget laptop in every sense of the word - with a price that is very hard to beat. The dv6605us comes with an AMD dual core processor, 1GB of RAM and a large 160GB hard drive. There's also a LightScribe compatible dual layer DVD burner.
Compaq Presario V6620US
The Compaq Presario V6620US is almost identical to the HP Pavilion dv6605us. Whatever features and problems you find on the HP Pavilion, you will find in this Compaq Presario. The only problem with this Compaq laptop is that the brand name is a bit less well known compared to HP. Hence, obtaining advice and support on the Compaq Presario V6620US might pose a problem for some people.

Conclusion
I certainly hope this article has shown some of the best budget laptop computers that money can buy. If you're in the market for a budget laptop, be sure to check out the above models before making the final purchase decision. Until next time, happy shopping!

How to Choose Laptop Computer for College Student

Which laptops are most suitable for college students? If you have a child who is about to enter college, or if you're a college student yourself, you might be in the market for a laptop.
There is a huge variety of laptops available in the market. It definitely confuses anyone trying to settle on a good, functional laptop for college classes.
In this article, I will try to help you understand which are the best value laptops for college students.
1. Overview
Before we look at the laptops most suitable for college students, we should understand what makes a good student laptop. Typically, a student would want a laptop that's lightweight and comfortable enough to lug to and from their various classes. In addition, the laptop has to have great battery life and performance. And price is sometimes a concern, so the above features need to be packed into an affordable package.


A college student's laptop needs to be powerful and light
 
After considering the types of laptops suitable for college students, I've decided to split them into three categories: budget, thin and light and ultraportable. So let's take a look at them now ...
 

2. Budget Laptops
For a college student who is short on cash, a budget laptop is a good buy. Some of the best budget laptops include those from Dell, Toshiba and HP. I personally find the Toshiba Satellite A215-S4747 to be a great budget laptop. You get an AMD based dual core CPU, which performs very well with most applications. You also get a huge 200GB hard drive and a large number of peripheral ports.
 

The Toshiba Satellite A215-S4747 budget laptop
 
There's also a nice Sony VGN-NR160E/S model that is (surprisingly) within the budget category. Out of the box, this machine gives you the Intel Core 2 Duo T5250 processor, 1 GB of RAM and a large 160GB hard drive - that's a lot of computing power at budget price.
 
3. Thin and Light Laptops
If you prefer a more powerful laptop and don't mind a little bit of weight, then try going for a thin and light laptop. Some of the models I can think of include those from Lenovo, HP and Sony.
The Sony VAIO VGN-FZ280E is a pretty good choice for a thin and light notebook. This system comes with a Blu-ray compatible writer that can also burn CDs and DVDs. You also get an Intel Core 2 Duo 2.0GHz CPU, 2GB RAM and a very large 250GB hard drive.
 

The Sony VAIO VGN-FZ280E thin and light laptop
 
Another model I'd consider is the HP Pavilion dv6675us. You will get an Intel Core 2 Duo 2.0GHz CPU, 4GB RAM and 250GB of hard drive space. The 4GB of RAM is a great feature which will come in handy if you're a student of finance or science and need to run intensive computational applications.
 

4. Ultraportable Laptops
If the size and weight of the laptop is of high importance to you, then go for an ultraportable laptop. These laptops give very good computing performance in a very small, compact package.
In this category, I think the Lenovo ThinkPad X61 is a great choice for students. It is slightly pricey (but not outrageously so) but it is one of the best performing laptops around. It weighs only about 3 pounds and is hence an extremely portable piece of hardware. You also get an Intel Core 2 Duo 2.0GHz CPU, 2GB RAM and an ample 100GB hard drive. You don't get a built-in DVD writer though - that unit is external to the laptop.
 

The Lenovo ThinkPad X61 ultraportable laptop
 
Another good choice is the Toshiba Portege R500-S5001X. It weighs 2.4 pounds and is less than an inch thick. This is one of the thinnest and lightest notebooks you will find in the market. It's also very reasonably priced.
 

Conclusion

Well! I hope this article has shown you the various types of laptops which are suitable for college students. Regardless of your needs and budget, make sure that you do proper research before shelling out any cash. Until next time, best of luck and happy shopping!

How to Choose The Best Laptop For You

Looking for a laptop computer but not sure which model to pick? How do you choose a laptop that will meet your computing needs and budget?
As you know, a laptop is an expensive machine. You certainly don't want to fork out a ton of cash and later find that the laptop is not the one you want.
However, laptops come in so many shapes and sizes - it can be difficult to decide which is the perfect model for you.

Can't decide which model of laptop to buy? How do you choose a laptop that will meet your computing needs and yet does not burst your budget?
Choosing a good laptop computer can be very difficult. You are faced with so many models and specs that you don't know where to begin!
Well, help is here! Read on and find out what you need to consider before buying a laptop. Once you go through the points below, you will have a much clearer picture.
How do you choose a laptop that's just right for you? Well, when buying a laptop, you need to consider factors beyond performance and weight. There are many additional things like screen dimensions, battery life, and keyboard and connection options which you have to think about.


Laptops come in a variety of shapes and sizes
 
Let's look at some of the factors one should consider when buying a laptop.
 
1. Processor
One of the first things you need to consider in a laptop is the CPU. The latest laptop CPUs include Intel's Core Duo and Core 2 Duo processors which outperform older single-core Intel processors (e.g. Pentium M). Other laptops use the AMD Athlon Turion 64 X2 dual-core processor - which is also a good performer. In general, however, if you're looking for a laptop, I'd advise you to look for one with an Intel Core Duo processor. You can also read this guide to find out more.
 
2. System memory
The amount of RAM in the laptop is very important. If you're not short of cash, my advice is to get at least 1GB of RAM - that is the minimum you need to get newer PC applications to run fast. Also remember that you can always add more memory to your existing laptop. You may be interested in this short guide on how to install new memory modules into a laptop.
 
3. Graphics memory
Laptop graphics are another feature you will want to consider. Typically, I'd say you should go for 128MB of dedicated video RAM. Also, ensure that the graphics memory is used solely for graphics use and not shared with the main memory. If you intend to play games on the laptop, then look for advanced 3D graphics chips with about 256MB to 512MB of dedicated graphics memory. Be prepared to fork out a lot more cash though.
 
4. Screen
You will also want to take a look at the laptop screen. Laptop screens have recently become bigger. Most of them have gone widescreen so you can watch movies or edit spreadsheets more comfortably.
If you intend to use the laptop from home a lot, then I'd go for a 17-inch wide screen. If you are more concerned about portability or if you travel a lot, then laptops with screen sizes of 12.1 or 13.3 inches might suit you better. There are also 14.1- or 15-inch screens for laptops, but I believe manufacturers are shifting away from these models.
 
5. Battery
Here's another critical factor - laptop battery life. I personally find it very frustrating to have my notebook power run out after 15 minutes at Starbucks. What you need to do is to buy a laptop that has about 3.5 hours of battery life, running on a Core Duo or Core 2 Duo processor. Make sure you question the retailer on how long the battery can last - a short battery life is usually a deal breaker for me.
 
6. Keyboard and Pointing Device
Some people believe that the keyboard and pointing device on a laptop are important. If you have big fingers, you might be more comfortable typing on a larger notebook keyboard than a small one. Make sure you try the laptop out - get the feel of typing and navigation before you buy the laptop.
 
7. Optical drives
I'd usually recommend getting a laptop with a rewritable DVD drive as a minimum. One thing you need to know is that some laptops sacrifice a DVD drive in exchange for a lighter weight and portability. If you don't think you need a DVD drive all the time, then you might want to get a model that doesn't have one.
 
8. Hard drive
In the laptop hard drive department, what can I say? More is better. These days, notebook hard drives come in sizes of 160GB or more. You can also get SATA hard drives if you have more cash.
 
9. Weight
Another thing to note is the weight of the laptop. Now, when you buy a laptop, always remember that the total weight includes the notebook AND the AC adapter, any external modules, and their cables. These can add up to quite a bit of weight.
 
10. Communications
These days, you will find that most laptops come with at least two USB 2.0 ports - I'd recommend that as a minimum. If you do a lot of video editing, then a FireWire (IEEE 1394) port also becomes essential.
You should also check for good network capabilities. Make sure your new laptop has built-in ethernet capability, a built-in wireless connection and also built-in Bluetooth (if you need to transfer data between your mobile phone and the laptop).
Some of the laptops also include card slots for removable media such as CompactFlash, Secure Digital and MultiMediaCard. If you take a lot of digital photos, then this feature might matter to you.
 
11. Laptop Shopping Tips
Whew! That sure is a long list of features to consider when buying a laptop. In addition to understanding the features, there are three important laptop shopping tips you should bear in mind.
  • Tip #1: How will you use the laptop?
    One of the problems when you buy a laptop is that you pay for features you don't really need. One of the best ways to avoid paying too much is to consider how you will use the laptop. If it is mostly for word processing, then settle for a cheaper machine. If it is for gaming, then you need a more powerful one.
     
  • Tip #2: Think of features you will not compromise
    You should also be aware that there are some basic features in a laptop you should NOT sacrifice. For example, for me, if I were buying a laptop, I'd choose (as a minimum) - an Intel Core Duo or Core 2 Duo processor, 2GB of RAM, 160GB of hard drive, a very small screen size and a super long lasting battery. Your list of critical features may vary.
     
  • Tip #3: Remember you can pick and choose
    Most vendors will let you custom-build your own laptop. This is a good thing, because you can just pick those features you need and not pay any extra. You can easily purchase a faster notebook by accepting a smaller hard drive or DVD drive, for example.

Conclusion
I hope this article has shown you the ins and outs of buying a laptop. Remember, a laptop is an expensive device. It will also be something you bring along anywhere you go. Hence, it is critical that you do proper research and find the correct laptop to suit your needs. Remember the above tips the next time you're in the market for a laptop, and happy shopping!

Thursday, February 3, 2011

SQL injection - The Definition

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:


// Deliberately vulnerable: the user's input is spliced straight into the SQL text.
var ShipCity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";
The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond'
However, assume that the user enters the following:
Redmond'; drop table OrdersTable--
In this case, the following query is assembled by the script:
SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable--' 

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where ShipCity is Redmond. Then, SQL Server will drop OrdersTable.
As long as injected SQL code is syntactically correct, tampering cannot be detected programmatically. Therefore, you must validate all user input and carefully review code that executes constructed SQL commands in the server that you are using. Coding best practices are described in the following sections in this topic.

Always validate user input by testing type, length, format, and range. When you are implementing precautions against malicious input, consider the architecture and deployment scenarios of your application. Remember that programs designed to run in a secure environment can be copied to a nonsecure environment. The following suggestions should be considered best practices:
  • Make no assumptions about the size, type, or content of the data that is received by your application. For example, you should make the following evaluation:
    • How will your application behave if an errant or malicious user enters a 10-megabyte MPEG file where your application expects a postal code?
    • How will your application behave if a DROP TABLE statement is embedded in a text field?
  • Test the size and data type of input and enforce appropriate limits. This can help prevent deliberate buffer overruns.
  • Test the content of string variables and accept only expected values. Reject entries that contain binary data, escape sequences, and comment characters. This can help prevent script injection and can protect against some buffer overrun exploits.
  • When you are working with XML documents, validate all data against its schema as it is entered.
  • Never build Transact-SQL statements directly from user input.
  • Use stored procedures to validate user input.
  • In multitiered environments, all data should be validated before admission to the trusted zone. Data that does not pass the validation process should be rejected and an error should be returned to the previous tier.
  • Implement multiple layers of validation. Precautions you take against casually malicious users may be ineffective against determined attackers. A better practice is to validate input in the user interface and at all subsequent points where it crosses a trust boundary.
    For example, data validation in a client-side application can prevent simple script injection. However, if the next tier assumes that its input has already been validated, any malicious user who can bypass a client can have unrestricted access to a system.
  • Never concatenate user input that is not validated. String concatenation is the primary point of entry for script injection.
  • Do not accept the following strings in fields from which file names can be constructed: AUX, CLOCK$, COM1 through COM8, CON, CONFIG$, LPT1 through LPT8, NUL, and PRN.
When you can, reject input that contains the following characters (input character and its meaning in Transact-SQL):
  • ;  Query delimiter.
  • '  Character data string delimiter.
  • --  Comment delimiter.
  • /* ... */  Comment delimiters. Text between /* and */ is not evaluated by the server.
  • xp_  Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.
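The validation rules above (type, length, format, range, the rejected characters and the reserved device names) can be put into one reusable check. The following is an added example written for this page, not code from the original article: the field limits, regular expressions and sample inputs are constructed for illustration, and the stem check for file-name fields (rejecting "COM1.txt" as well as "COM1") is stricter than the page's list.

```python
import re

# Sequences the page lists as risky in Transact-SQL input (compared case-insensitively).
RISKY_SEQUENCES = (";", "'", "--", "/*", "*/", "xp_")

# Device names the page says to reject in any field a file name may be built from.
RESERVED_DEVICE_NAMES = frozenset(
    ["AUX", "CLOCK$", "CON", "CONFIG$", "NUL", "PRN"]
    + ["COM%d" % i for i in range(1, 9)]
    + ["LPT%d" % i for i in range(1, 9)]
)


def validate_text(value, *, max_len, pattern, filename_field=False):
    """Validate one string field: type, length, binary content, format, then content.

    Returns (True, "ok") or (False, "<check>: <reason>") so the calling tier can
    reject the value and report the failure back to the previous tier.
    """
    if not isinstance(value, str):
        return False, "type: expected str, got %s" % type(value).__name__
    if len(value) > max_len:
        return False, "length: %d exceeds %d" % (len(value), max_len)
    # Binary data and escape sequences: reject control characters outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return False, "content: control or binary data"
    # Format: the whole value must match the expected shape (an allow-list).
    if re.fullmatch(pattern, value) is None:
        return False, "format: does not match expected pattern"
    # Content: the comment and delimiter sequences from the page's table.
    lowered = value.lower()
    for seq in RISKY_SEQUENCES:
        if seq in lowered:
            return False, "content: contains %r" % seq
    if filename_field:
        # Assumption made here, stricter than the page's list: also reject a
        # reserved name carrying an extension, e.g. "COM1.txt".
        stem = value.split(".", 1)[0].upper()
        if value.upper() in RESERVED_DEVICE_NAMES or stem in RESERVED_DEVICE_NAMES:
            return False, "content: reserved device name"
    return True, "ok"


def validate_int(value, *, low, high):
    """Validate a numeric field: type and format first, then range."""
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        return False, "type: expected int or digit string"
    if isinstance(value, str):
        if re.fullmatch(r"-?\d{1,10}", value) is None:
            return False, "format: not an integer"
        value = int(value)
    if not low <= value <= high:
        return False, "range: %d not in [%d, %d]" % (value, low, high)
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: a plain city name, the page's DROP TABLE payload,
    # a reserved device name in a file-name field, and a non-numeric postal code.
    print(validate_text("Redmond", max_len=30, pattern=r"[A-Za-z .-]+"))
    print(validate_text("Redmond'; drop table OrdersTable--", max_len=60, pattern=r"[A-Za-z .-]+"))
    print(validate_text("COM1", max_len=64, pattern=r"[A-Za-z0-9_.-]+", filename_field=True))
    print(validate_int("10 megabyte MPEG", low=0, high=99999))
```

The checks run in the order the page recommends, cheapest first, and every rejection names the failing check so the error returned to the previous tier says what was wrong without echoing the offending value.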

Use Type-Safe SQL Parameters

The Parameters collection in SQL Server provides type checking and length validation. If you use the Parameters collection, input is treated as a literal value instead of as executable code. An additional benefit of using the Parameters collection is that you can enforce type and length checks. Values outside the range will trigger an exception. The following code fragment shows using the Parameters collection:


SqlDataAdapter myCommand = new SqlDataAdapter("AuthorLogin", conn);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
SqlParameter parm = myCommand.SelectCommand.Parameters.Add("@au_id",
     SqlDbType.VarChar, 11);
parm.Value = Login.Text;
In this example, the @au_id parameter is treated as a literal value instead of as executable code. This value is checked for type and length. If the value of @au_id does not comply with the specified type and length constraints, an exception will be thrown.

Use Parameterized Input with Stored Procedures

Stored procedures may be susceptible to SQL injection if they use unfiltered input. For example, the following code is vulnerable:


SqlDataAdapter myCommand = 
new SqlDataAdapter("LoginStoredProcedure '" + 
                               Login.Text + "'", conn);
 
If you use stored procedures, you should use parameters as their input.

Use the Parameters Collection with Dynamic SQL

If you cannot use stored procedures, you can still use parameters, as shown in the following code example:


SqlDataAdapter myCommand = new SqlDataAdapter(
"SELECT au_lname, au_fname FROM Authors WHERE au_id = @au_id", conn);
SqlParameter parm = myCommand.SelectCommand.Parameters.Add("@au_id", 
                        SqlDbType.VarChar, 11);
parm.Value = Login.Text;
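To see the difference between the ShipCity script earlier on this page and the parameterized form of the last three sections on real input, the following added example (written for this page, not the article's or SQL Server's own code) runs both against an in-memory SQLite database with a constructed OrdersTable. SQLite stands in for SQL Server: executescript() runs every statement in the text, as SQL Server does with a batch, while the parameter placeholder ? plays the role of @au_id. The 40-character length limit on the parameter is an assumption made here.

```python
import sqlite3

SHIP_CITY_MAX_LEN = 40  # assumed length limit declared for the parameter


def fresh_orders_db():
    """In-memory database with a constructed OrdersTable (sample data, not the page's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE OrdersTable (OrderID INTEGER, ShipCity TEXT)")
    conn.executemany("INSERT INTO OrdersTable VALUES (?, ?)",
                     [(1, "Redmond"), (2, "Seattle"), (3, "Redmond")])
    conn.commit()
    return conn


def table_exists(conn, name="OrdersTable"):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_concat_query(ship_city):
    """The page's pattern, kept deliberately vulnerable: input spliced into SQL text."""
    return "SELECT * FROM OrdersTable WHERE ShipCity = '" + ship_city + "'"


def concat_query_leaves_table(ship_city):
    """Run the concatenated text as a batch and report whether the table survived.

    executescript() runs every statement in the string, which is what SQL Server
    does with a batch; a plain execute() would refuse the second statement.
    """
    conn = fresh_orders_db()
    conn.executescript(build_concat_query(ship_city))
    return table_exists(conn)


def parameterized_lookup(ship_city):
    """The hardened form: a typed, length-checked parameter; input is only ever a value."""
    if not isinstance(ship_city, str) or len(ship_city) > SHIP_CITY_MAX_LEN:
        # Mirrors the type and length check the page attributes to SqlParameter.
        raise ValueError("ShipCity must be a string of at most %d characters" % SHIP_CITY_MAX_LEN)
    conn = fresh_orders_db()
    rows = conn.execute(
        "SELECT OrderID FROM OrdersTable WHERE ShipCity = ?", (ship_city,)
    ).fetchall()
    return [order_id for (order_id,) in rows], table_exists(conn)


if __name__ == "__main__":
    payload = "Redmond'; drop table OrdersTable--"   # the page's example input
    print(build_concat_query(payload))
    print("table survives concatenation:", concat_query_leaves_table(payload))
    print("parameterized lookup (rows, table survives):", parameterized_lookup(payload))
```

With the page's input the concatenated batch drops the table, while the parameterized lookup simply finds no city with that name and leaves the schema untouched; the same parameterized query returns orders 1 and 3 for "Redmond".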

Filtering Input

Filtering input may also be helpful in protecting against SQL injection by removing escape characters. However, because of the large number of characters that may pose problems, this is not a reliable defense. The following example searches for the character string delimiter.


private string SafeSqlLiteral(string inputSQL)
{
  return inputSQL.Replace("'", "''");
}

LIKE Clauses

Note that if you are using a LIKE clause, wildcard characters still must be escaped:


s = s.Replace("[", "[[]");
s = s.Replace("%", "[%]");
s = s.Replace("_", "[_]");
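The three Replace calls above only work in that order: the replacements for % and _ introduce brackets of their own, so if [ were escaped last those new brackets would be mangled too. The following added example (written for this page, not the article's code) shows the page's SafeSqlLiteral and LIKE escaping in Python, the broken result of the wrong order, and how the two escapes combine when an application appends its own trailing wildcard for a prefix search; the column name au_lname is the page's, the clause builder is an assumption made here.

```python
def safe_sql_literal(input_sql):
    """The page's SafeSqlLiteral: double every single quote inside a string literal."""
    return input_sql.replace("'", "''")


def escape_like_pattern(term):
    """Escape SQL Server LIKE wildcards with the page's bracket form.

    "[" must be handled first: the replacements for "%" and "_" introduce
    brackets of their own, which must not be escaped a second time.
    """
    term = term.replace("[", "[[]")
    term = term.replace("%", "[%]")
    term = term.replace("_", "[_]")
    return term


def escape_like_pattern_wrong_order(term):
    """Same three replacements with "[" done last: yields a broken pattern."""
    term = term.replace("%", "[%]")
    term = term.replace("_", "[_]")
    term = term.replace("[", "[[]")
    return term


def build_lastname_prefix_clause(user_term):
    """WHERE clause for a prefix search on au_lname (assumed helper).

    Wildcards are escaped first, then the quote for the literal, and only then
    is the application's own trailing "%" appended, so the user cannot supply one.
    Neither escape produces the other's characters, so those two steps commute.
    """
    pattern = escape_like_pattern(user_term) + "%"
    return "WHERE au_lname LIKE '" + safe_sql_literal(pattern) + "'"


if __name__ == "__main__":
    print(escape_like_pattern("50%_off[1]"))             # 50[%][_]off[[]1]
    print(escape_like_pattern_wrong_order("50%"))        # 50[[]%]  (broken)
    print(build_lastname_prefix_clause("O'Br"))          # WHERE au_lname LIKE 'O''Br%'
```

In the wrong-order output 50[[]%] the server reads [[] as a literal bracket, then % as a wildcard, then a stray ], so the user's percent sign is a wildcard again.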
 
Reviewing Code for SQL Injection


You should review all code that calls EXECUTE, EXEC, or sp_executesql. You can use queries similar to the following to help you identify procedures that contain these statements. This query checks for 1, 2, 3, or 4 spaces after the words EXECUTE or EXEC.

SELECT object_Name(id) FROM syscomments
WHERE UPPER(text) LIKE '%EXECUTE (%'
OR UPPER(text) LIKE '%EXECUTE  (%'
OR UPPER(text) LIKE '%EXECUTE   (%'
OR UPPER(text) LIKE '%EXECUTE    (%'
OR UPPER(text) LIKE '%EXEC (%'
OR UPPER(text) LIKE '%EXEC  (%'
OR UPPER(text) LIKE '%EXEC   (%'
OR UPPER(text) LIKE '%EXEC    (%'
OR UPPER(text) LIKE '%SP_EXECUTESQL%'
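The query above matches a fixed number of spaces and also flags occurrences inside comments. As an added example (written for this page, not the article's query), the following Python scan generalizes it: any amount of whitespace between EXEC/EXECUTE and the opening parenthesis, comments stripped first, run here over constructed procedure definitions rather than syscomments.

```python
import re

# EXEC or EXECUTE, any whitespace, then "(" (the dynamic-string form), or a
# call to sp_executesql; case-insensitive, like the page's UPPER() comparison.
DYNAMIC_SQL_RE = re.compile(r"\bEXEC(?:UTE)?\s*\(|\bsp_executesql\b", re.IGNORECASE)


def strip_comments(sql):
    """Remove /* ... */ and -- comments so commented-out code is not flagged.

    Like the page's LIKE patterns, this does not understand string literals,
    so a "--" inside a quoted string is also treated as a comment start.
    """
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    sql = re.sub(r"--[^\n]*", " ", sql)
    return sql


def find_dynamic_sql(procedures):
    """Return the names (sorted) of procedures whose body executes dynamic SQL.

    procedures maps procedure name -> full Transact-SQL definition text.
    """
    return sorted(name for name, text in procedures.items()
                  if DYNAMIC_SQL_RE.search(strip_comments(text)))


# Constructed sample definitions (not taken from any real database).
SAMPLE_PROCEDURES = {
    "sp_MySetPassword": "DECLARE @command varchar(200)\nSET @command = 'update ...'\nEXEC (@command)",
    "sp_spaced": "DECLARE @sql nvarchar(max)\nEXECUTE     (@sql)",
    "sp_exec_sql": "EXEC sp_executesql @stmt, N'@id int', @id = @id",
    "sp_commented_out": "SELECT 1 -- EXEC (@x) was removed\n/* EXECUTE (@y) */",
    "sp_plain_call": "EXEC dbo.GetOrders @id",
}


if __name__ == "__main__":
    for name in find_dynamic_sql(SAMPLE_PROCEDURES):
        print("review for dynamic SQL:", name)
```

Two caveats when running the page's query itself: syscomments stores long definitions as several 4000-character rows, so a pattern can straddle a row boundary and be missed, and on current versions the definition is available whole in sys.sql_modules.definition, which is the better source to scan.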

Wrapping Parameters with QUOTENAME() and REPLACE()

In each selected stored procedure, verify that all variables that are used in dynamic Transact-SQL are handled correctly. Data that comes from the input parameters of the stored procedure or that is read from a table should be wrapped in QUOTENAME() or REPLACE(). Remember that the value of @variable that is passed to QUOTENAME() is of sysname, and has a maximum length of 128 characters.
Recommended wrapper by the kind of @variable:
  • Name of a securable: QUOTENAME(@variable)
  • String of ≤ 128 characters: QUOTENAME(@variable, '''')
  • String of > 128 characters: REPLACE(@variable,'''', '''''')
When you use this technique, a SET statement can be revised as follows:
--Before:
SET @temp = N'select * from authors where au_lname='''
+ @au_lname + N''''
--After:
SET @temp = N'select * from authors where au_lname='''
+ REPLACE(@au_lname,'''','''''') + N''''

Injection Enabled by Data Truncation

Any dynamic Transact-SQL that is assigned to a variable will be truncated if it is larger than the buffer allocated for that variable. An attacker who is able to force statement truncation by passing unexpectedly long strings to a stored procedure can manipulate the result. For example, the stored procedure that is created by the following script is vulnerable to injection enabled by truncation.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS
-- Declare variable.
-- Note that the buffer here is only 200 characters long.
DECLARE @command varchar(200)
-- Construct the dynamic Transact-SQL.
-- In the following statement, we need a total of 154 characters
-- to set the password of 'sa'.
-- 26 for UPDATE statement, 16 for WHERE clause, 4 for 'sa', and 2 for
-- the quotation marks added by QUOTENAME(@loginname):
-- 200 - 26 - 16 - 4 - 2 = 154.
-- But because @new is declared as a sysname, this variable can only hold
-- 128 characters.
-- We can overcome this by passing some single quotation marks in @new.
SET @command= 'update Users set password=' + QUOTENAME(@new, '''') + ' where username=' + QUOTENAME(@loginname, '''') + ' AND password = ' + QUOTENAME(@old, '''')

-- Execute the command.
EXEC (@command)
GO
By passing 154 characters into a 128-character buffer, an attacker can set a new password for sa without knowing the old password.
EXEC sp_MySetPassword 'sa', 'dummy', '123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012'''''''''''''''''''''''''''''''''''''''''''''''''''
For this reason, you should use a large buffer for a command variable or directly execute the dynamic Transact-SQL inside the EXECUTE statement.
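The arithmetic above can be checked without a server. The following added example (written for this page, not the article's or SQL Server's code) models the two truncation rules involved, sysname parameters cut to 128 characters and @command cut to its declared varchar length, builds the same statement the stored procedure builds, and reports whether the old-password condition is still part of the text that would run. The input is constructed to the lengths computed above (a 128-character @new whose quoting expands to 154 characters); the helper names are assumptions.

```python
SYSNAME_LEN = 128  # sysname is nvarchar(128)


def sysname(value):
    """Assigning to a sysname parameter or variable silently truncates to 128 characters."""
    return value[:SYSNAME_LEN]


def quotename(value, quote="'"):
    """QUOTENAME(@value, quote): wrap in the delimiter and double any copies inside.

    (Real QUOTENAME returns NULL for inputs over 128 characters; the inputs here
    are sysname values, so that case does not arise.)
    """
    return quote + value.replace(quote, quote * 2) + quote


def build_set_password_command(loginname, old, new, buffer_size=200):
    """Mirror of the page's sp_MySetPassword: sysname parameters, @command varchar(buffer_size).

    buffer_size=None stands for executing the concatenation directly inside
    EXEC(), where no intermediate variable can truncate it.
    """
    loginname, old, new = sysname(loginname), sysname(old), sysname(new)
    command = ("update Users set password=" + quotename(new)
               + " where username=" + quotename(loginname)
               + " AND password = " + quotename(old))
    return command if buffer_size is None else command[:buffer_size]


def password_check_survives(command, old):
    """True if the text that would run still ends with the intact old-password condition."""
    return command.endswith(" AND password = " + quotename(sysname(old)))


def expansion_after_quotename(new):
    """How many characters QUOTENAME() produces from a sysname-sized @new."""
    return len(quotename(sysname(new)))


if __name__ == "__main__":
    # Constructed input in the shape the page describes: 128 characters that fit
    # sysname, but whose embedded quotes double under QUOTENAME() so the quoted
    # value is 154 characters and the 200-character @command ends right after 'sa'.
    oversized_new = "1" * 104 + "'" * 24
    print("quoted length:", expansion_after_quotename(oversized_new))
    for size in (200, 2000, None):
        cmd = build_set_password_command("sa", "dummy", oversized_new, buffer_size=size)
        print("buffer", size, "-> length", len(cmd), "check survives:", password_check_survives(cmd, "dummy"))
```

With the 200-character buffer the statement is cut to exactly `... where username='sa'`, which is still valid SQL and has lost the AND password = ... condition; with a 2000-character buffer, or with no intermediate variable at all, the condition survives, which is the page's recommendation.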

Truncation When QUOTENAME(@variable, '''') and REPLACE() Are Used

Strings that are returned by QUOTENAME() and REPLACE() will be silently truncated if they exceed the space that is allocated. The stored procedure that is created in the following example shows what can happen.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS

-- Declare variables.
DECLARE @login sysname
DECLARE @newpassword sysname
DECLARE @oldpassword sysname
DECLARE @command varchar(2000)

-- In the following statements, the data stored in temp variables
-- will be truncated because the buffer size of @login, @oldpassword,
-- and @newpassword is only 128 characters, but QUOTENAME() can return
-- up to 258 characters.

SET @login = QUOTENAME(@loginname, '''')
SET @oldpassword = QUOTENAME(@old, '''')
SET @newpassword = QUOTENAME(@new, '''')

-- Construct the dynamic Transact-SQL.
-- If @new contains 128 characters, then @newpassword will be '123... n
-- where n is the 127th character.
-- Because the string returned by QUOTENAME() will be truncated,
-- it can be made to look like the following statement:
-- UPDATE Users SET password ='1234. . .[127] WHERE username=' -- other stuff here

SET @command = 'UPDATE Users set password = ' + @newpassword
+ ' where username =' + @login + ' AND password = ' + @oldpassword;

-- Execute the command.
EXEC (@command)
GO
Therefore, the following statement will set the passwords of all users to the value that was passed in the previous code.
EXEC sp_MySetPassword '--', 'dummy', '12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678'
You can force string truncation by exceeding the allocated buffer space when you use REPLACE(). The stored procedure that is created in the following example shows what can happen.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS
-- Declare variables.
DECLARE @login sysname
DECLARE @newpassword sysname
DECLARE @oldpassword sysname
DECLARE @command varchar(2000)
-- In the following statements, data will be truncated because
-- the buffers allocated for @login, @oldpassword and @newpassword
-- can hold only 128 characters, but REPLACE() can return
-- up to 256 characters.

SET @login = REPLACE(@loginname, '''', '''''')
SET @oldpassword = REPLACE(@old, '''', '''''')
SET @newpassword = REPLACE(@new, '''', '''''')

-- Construct the dynamic Transact-SQL.
-- If @new contains 128 characters, @newpassword will be '123...n
-- where n is the 127th character.
-- Because the string returned by REPLACE() will be truncated, it
-- can be made to look like the following statement:
-- UPDATE Users SET password='1234…[127] WHERE username=' -- other stuff here

SET @command= 'update Users set password = ''' + @newpassword + ''' where username='''
+ @login + ''' AND password = ''' + @oldpassword + '''';

-- Execute the command.
EXEC (@command)
GO
As with QUOTENAME(), string truncation by REPLACE() can be avoided by declaring temporary variables that are large enough for all cases. When possible, you should call QUOTENAME() or REPLACE() directly inside the dynamic Transact-SQL. Otherwise, you can calculate the required buffer size as follows. For @outbuffer = QUOTENAME(@input), the size of @outbuffer should be 2*(len(@input)+1). When you use REPLACE() and doubling quotation marks, as in the previous example, a buffer of 2*len(@input) is enough.
The following calculation covers all cases:
While len(@find_string) > 0, required buffer size =
round(len(@input)/len(@find_string),0) * len(@new_string)
+ (len(@input) % len(@find_string))
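The following added example (written for this page, not the article's or SQL Server's code) models the temporary-variable truncation of the last two sections and the buffer-size rules above. It builds the same UPDATE the second sp_MySetPassword builds, cuts the text where the server would stop at a comment outside a string literal, masks the literals and checks whether a WHERE clause is left; it also implements the page's buffer formula, the 2*(len+1) QUOTENAME bound and the 2*258+1 object-name case from the next section. The quotient in the formula is computed with integer division, which is what Transact-SQL's len()/len() yields; helper names and sample inputs are assumptions.

```python
import re

SYSNAME_LEN = 128  # sysname is nvarchar(128)


def sysname(value):
    """Silent truncation on assignment to a sysname variable or parameter."""
    return value[:SYSNAME_LEN]


def quotename(value, quote="]"):
    """QUOTENAME(@value, quote): "]" (the default) gives [name] with "]" doubled
    inside, "'" gives a string literal with quotes doubled."""
    if quote in ("[", "]"):
        return "[" + value.replace("]", "]]") + "]"
    return quote + value.replace(quote, quote * 2) + quote


def replace_doubling_quotes(value):
    """REPLACE(@value, '''', '''''')."""
    return value.replace("'", "''")


def build_command_with_temps(loginname, old, new, temp_len=SYSNAME_LEN):
    """Mirror of the page's second sp_MySetPassword: QUOTENAME() results are
    parked in temporaries of temp_len characters before concatenation."""
    login = quotename(sysname(loginname), "'")[:temp_len]
    oldpassword = quotename(sysname(old), "'")[:temp_len]
    newpassword = quotename(sysname(new), "'")[:temp_len]
    return ("UPDATE Users set password = " + newpassword
            + " where username =" + login + " AND password = " + oldpassword)[:2000]


def executed_text(command):
    """The part of the batch the server runs: cut at the first "--" outside a string literal."""
    in_string = False
    for i, ch in enumerate(command):
        if ch == "'":
            in_string = not in_string     # a doubled '' toggles twice, i.e. stays inside
        elif not in_string and command.startswith("--", i):
            return command[:i]
    return command


def where_clause_effective(command):
    """True if a WHERE clause remains once string literals are masked out."""
    masked = re.sub(r"'(?:[^']|'')*'", "?", executed_text(command))
    return " where " in masked.lower()


def required_buffer_size(input_text, find_string, new_string):
    """The page's worst-case bound for REPLACE(@input, @find_string, @new_string)."""
    n, f = len(input_text), len(find_string)
    if f == 0:
        raise ValueError("find_string must not be empty")
    return (n // f) * len(new_string) + (n % f)


def quotename_buffer_size(input_len):
    """The page's bound for QUOTENAME(@input): 2*(len(@input)+1)."""
    return 2 * (input_len + 1)


def worst_case_objectname_len():
    """QUOTENAME(@schemaname) + '.' + QUOTENAME(@tablename) with both names all "]"."""
    return len(quotename("]" * SYSNAME_LEN) + "." + quotename("]" * SYSNAME_LEN))


if __name__ == "__main__":
    # Constructed inputs: a normal call, then the page's '--' login with a
    # 128-character new password, with sysname and with correctly sized temporaries.
    print(where_clause_effective(build_command_with_temps("alice", "dummy", "N3w-pass")))
    print(where_clause_effective(build_command_with_temps("--", "dummy", "1" * 128)))
    print(where_clause_effective(build_command_with_temps("--", "dummy", "1" * 128, temp_len=258)))
    print(required_buffer_size("'" * 128, "'", "''"), quotename_buffer_size(128), worst_case_objectname_len())
```

In the sysname case the closing quote of @newpassword is lost, so the " where username =" text ends up inside the password literal and the rest of the statement is commented out by the '--' login; declaring the temporaries as 258 characters (the QUOTENAME bound for a 128-character input) keeps the WHERE clause intact.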

Truncation When QUOTENAME(@variable, ']') Is Used

Truncation can occur when the name of a SQL Server securable is passed to statements that use the form QUOTENAME(@variable, ']'). The following example shows this.
CREATE PROCEDURE sp_MyProc
@schemaname sysname,
@tablename sysname
AS
-- Declare a variable as sysname. The variable will be 128 characters.
-- But @objectname actually must allow for 2*258+1 characters.
DECLARE @objectname sysname
SET @objectname = QUOTENAME(@schemaname)+'.'+ QUOTENAME(@tablename)
-- Do some operations.
GO
When you are concatenating values of type sysname, you should use temporary variables large enough to hold the maximum 128 characters per value. If possible, call QUOTENAME() directly inside the dynamic Transact-SQL. Otherwise, you can calculate the required buffer size as explained in the previous section.