https://github.com/MicrosoftDocs/azure-docs/issues/93581

dzsquared · dzsquared · commit 10376db683e8 · 2022-06-29T14:24:27.000-07:00
diff --git a/articles/azure-functions/functions-bindings-azure-sql-input.md b/articles/azure-functions/functions-bindings-azure-sql-input.md
@@ -542,6 +542,9 @@ The following table explains the binding configuration properties that you set i
 
 The attribute's constructor takes the SQL command text, the command type, parameters, and the connection string setting name. The command can be a Transact-SQL (T-SQL) query with the command type `System.Data.CommandType.Text` or stored procedure name with the command type `System.Data.CommandType.StoredProcedure`. The connection string setting name corresponds to the application setting (in `local.settings.json` for local development) that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
 
+Queries executed by the input binding are [parameterized](/dotnet/api/microsoft.data.sqlclient.sqlparameter) in Microsoft.Data.SqlClient to reduce the risk of [SQL injection](/sql/relational-databases/security/sql-injection) from the parameter values passed into the binding.
+
+
 ::: zone-end
 
 ## Next steps
