The SQL Server TDS protocol provides two main paths for query execution: Language events and RPC events. You can trace these events using the Batch::Starting/Completed (Language) and RPC:Starting/Completed (RPC) XEvents.
Language events are text streams that require full parsing and may be susceptible to injection attacks. Language events also require educated guesses. For example, should select 1 return a smallint or a bigint?
Example: SQLExecDirect("sp_who 50")
SQL Server receives Type=Language
Query="sp_who 50"
SQL Server must parse the query, make an educated guess for the data type of 50 and then execute the command.
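
The difference is visible on the wire. The following Python example is added here and is not code from the original article: it builds two constructed TDS 7.2+ request packets for the sp_who call and classifies them by header type. The type values 0x01 (SQL batch, the Language event) and 0x03 (RPC), the ALL_HEADERS layout and the INTN type token are taken from the MS-TDS specification rather than from this page, and the payload is assumed to be unencrypted and contained in a single packet.

```python
import struct

# Packet header types defined by the MS-TDS specification (not taken from the page).
TDS_TYPES = {0x01: "Language", 0x03: "RPC"}
INTNTYPE = 0x26  # nullable integer TYPE_INFO token

def packet(ptype, payload):
    """Constructed sample: 8-byte TDS header (status=EOM), ALL_HEADERS, payload."""
    txn = struct.pack("<IHQI", 18, 2, 0, 1)            # one transaction descriptor header
    body = struct.pack("<I", 4 + len(txn)) + txn + payload
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(body), 0, 1, 0) + body

def ucs2(text):
    return text.encode("utf-16-le")

# Constructed samples: the same call sent as text and as an RPC with a typed int.
LANGUAGE_PACKET = packet(0x01, ucs2("sp_who 50"))
RPC_PACKET = packet(0x03, struct.pack("<H", 6) + ucs2("sp_who") + struct.pack("<H", 0)
                    + bytes([0, 0, INTNTYPE, 4, 4]) + struct.pack("<i", 50))

def classify(pkt):
    """Return (event, detail) for one complete, unencrypted TDS 7.2+ request packet."""
    ptype, status, length = struct.unpack_from(">BBH", pkt, 0)
    if length != len(pkt) or not status & 0x01:
        raise ValueError("truncated or multi-packet message")
    if ptype not in TDS_TYPES:
        return "other", None
    (hdr_len,) = struct.unpack_from("<I", pkt, 8)       # ALL_HEADERS total length
    if hdr_len < 4 or 8 + hdr_len > len(pkt):
        raise ValueError("bad ALL_HEADERS length")
    body = pkt[8 + hdr_len:]
    if ptype == 0x01:
        # Language: everything left is text the server must parse and type itself.
        return "Language", body.decode("utf-16-le")
    (name_len,) = struct.unpack_from("<H", body, 0)
    if name_len == 0xFFFF:                               # well-known ProcID form
        return "RPC", "ProcID %d" % struct.unpack_from("<H", body, 2)[0]
    name = body[2:2 + 2 * name_len].decode("utf-16-le")
    params = body[2 + 2 * name_len + 2:]                 # skip 2-byte option flags
    # Only an unnamed INTN parameter is decoded; its type and width are explicit.
    if len(params) >= 5 and params[0] == 0 and params[2] == INTNTYPE:
        width = params[4]
        value = int.from_bytes(params[5:5 + width], "little", signed=True)
        return "RPC", "%s(int%d=%d)" % (name, width, value)
    return "RPC", name
```

In the Language packet the value 50 exists only as characters inside the query text, while the RPC packet carries it as a 4-byte integer with its type stated, so the server has nothing to parse or guess for that value.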
Injection attack example: An application prompts the user for the