c# sql-server vb.net sql-injection tde

Possibilities of sql-injection in the following query


I have applied table-level encryption using TDE to my database, and am accessing the database from my Windows application, through proper authentication:

My query may look like the following (opens a wide entry for injection).

VB

Dim myQuery = "Select * from myTable where some_id='" & txtUserId.Text & "'"

C#

string myQuery = "Select * from myTable where some_id='" + txtUserId.Text + "'";

Consider that an intruder is trying some injection technique, entering text like sameValue' or 1=1 or ' so that it will give the whole data. My question is: in this case, will he get the encrypted data or the actual data?

Note: I don't use such queries in my application; I am using parameterized queries and SPs throughout my application. I am asking this just for clarification.


Solution

  • TDE is encrypting data at rest (link here), and as such does not protect you from injection. It's only encrypting the data files and data logs.
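
A parameterized form of the query from the question, as an added example (not code from the original post or answer). TDE decrypts pages as they are read from disk, so any query that runs over an authenticated connection returns plaintext, and the protection has to be in how the query is built. The names `MyTableQueries` and `FindBySomeId`, the `varchar(50)` column type and the connection string are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class MyTableQueries
{
    // Assumed width of myTable.some_id (varchar(50)); match your schema.
    private const int SomeIdMaxLength = 50;

    // Hypothetical helper: returns the some_id values of the matching rows.
    public static List<string> FindBySomeId(string connectionString, string userId)
    {
        // Reject input the column could never hold. With an explicit
        // parameter size, longer values would be truncated silently.
        if (userId == null || userId.Length > SomeIdMaxLength)
            throw new ArgumentException("Invalid id.", nameof(userId));

        // The SQL text is a constant: user input never becomes part of it.
        const string sql = "SELECT some_id FROM myTable WHERE some_id = @someId";
        var results = new List<string>();

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels separately from the statement, so quotes and
            // keywords inside it are compared as data, not parsed as SQL.
            cmd.Parameters.Add("@someId", SqlDbType.VarChar, SomeIdMaxLength).Value = userId;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader.GetString(0));
            }
        }
        return results;
    }
}
```

Called with `txtUserId.Text`, input such as the string in the question is matched against `some_id` as a literal value and returns only rows whose id equals that exact text.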