Merge pull request #36371 from VanMSFT/sql-security-freshness-review-20260122-1541

denrea · web-flow · commit 166412179d13 · 2026-01-26T16:55:32.000-08:00
Fix 5 high-priority UUF items: PKI cryptography, symmetric key example, SPN permissions, ODBC batches, JDBC API
diff --git a/docs/connect/jdbc/reference/preparestatement-method-java-lang-string-int-array.md b/docs/connect/jdbc/reference/preparestatement-method-java-lang-string-int-array.md
@@ -0,0 +1,53 @@
+---
+title: "prepareStatement Method (java.lang.String, int[])"
+description: "prepareStatement Method (java.lang.String, int[])"
+author: David-Engel
+ms.author: davidengel
+ms.date: "01/22/2026"
+ms.service: sql
+ms.subservice: connectivity
+ms.topic: reference
+apilocation: "sqljdbc.jar"
+apiname: "SQLServerConnection.prepareStatement (java.lang.String, int[])"
+apitype: "Assembly"
+---
+# prepareStatement method (java.lang.String, int[])
+
+[!INCLUDE[Driver_JDBC_Download](../../../includes/driver_jdbc_download.md)]
+
+  Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database, and that's capable of returning the autogenerated keys designated by the given array.  
+  
+## Syntax  
+  
+```java
+public java.sql.PreparedStatement prepareStatement(java.lang.String sql,  
+                                                   int[] columnIndexes)  
+```  
+  
+#### Parameters
+
+ `sql`
+  
+ A **String** that contains a SQL statement.  
+  
+ `columnIndexes`  
+  
+ An array of ints.  
+  
+## Return value
+
+ A PreparedStatement object.  
+  
+## Exceptions
+
+ [SQLServerException](../../../connect/jdbc/reference/sqlserverexception-class.md)  
+  
+## Remarks
+
+This prepareStatement method is specified by the prepareStatement method in the java.sql.Connection interface.  
+  
+## Related content
+
+- [prepareStatement Method &#40;SQLServerConnection&#41;](../../../connect/jdbc/reference/preparestatement-method-sqlserverconnection.md)
+- [SQLServerConnection Members](../../../connect/jdbc/reference/sqlserverconnection-members.md)
+- [SQLServerConnection Class](../../../connect/jdbc/reference/sqlserverconnection-class.md)  
diff --git a/docs/connect/jdbc/reference/preparestatement-method-java-lang-string-int.md b/docs/connect/jdbc/reference/preparestatement-method-java-lang-string-int.md
@@ -1,31 +1,37 @@
 ---
-title: "prepareStatement Method (java.lang.String)"
-description: "prepareStatement Method (java.lang.String)"
+title: "prepareStatement Method (java.lang.String, int)"
+description: "prepareStatement Method (java.lang.String, int)"
 author: David-Engel
 ms.author: davidengel
-ms.date: "02/07/2017"
+ms.date: "01/22/2026"
+ai-usage: ai-assisted
 ms.service: sql
 ms.subservice: connectivity
 ms.topic: reference
 apilocation: "sqljdbc.jar"
-apiname: "SQLServerConnection.prepareStatement (java.lang.String)"
+apiname: "SQLServerConnection.prepareStatement (java.lang.String, int)"
 apitype: "Assembly"
 ---
-# prepareStatement Method (java.lang.String)
+# prepareStatement Method (java.lang.String, int)
 
-Creates a [SQLServerPreparedStatement](./sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database.
+Creates a [SQLServerPreparedStatement](./sqlserverpreparedstatement-class.md) object that has the capability to retrieve autogenerated keys.
 
 ## Syntax
 
 ```
-public java.sql.PreparedStatement prepareStatement(java.lang.String sql)
+public java.sql.PreparedStatement prepareStatement(java.lang.String sql,
+                                                   int autoGeneratedKeys)
 ```
 
 #### Parameters
-*sql*
+`sql`
 
 A **String** containing a SQL statement.
 
+`autoGeneratedKeys`
+
+An **int** flag indicating whether autogenerated keys should be returned. One of `Statement.RETURN_GENERATED_KEYS` or `Statement.NO_GENERATED_KEYS`.
+
 ## Return Value
 A PreparedStatement object.
 
@@ -35,10 +41,8 @@ A PreparedStatement object.
 ## Remarks
 This prepareStatement method is specified by the prepareStatement method in the java.sql.Connection interface.
 
-## See Also
-
-[prepareStatement Method &#40;SQLServerConnection&#41;](./preparestatement-method-sqlserverconnection.md)
-
-[SQLServerConnection Members](./sqlserverconnection-members.md)
+## Related content
 
-[SQLServerConnection Class](./sqlserverconnection-class.md)
+- [prepareStatement Method &#40;SQLServerConnection&#41;](./preparestatement-method-sqlserverconnection.md)
+- [SQLServerConnection Members](./sqlserverconnection-members.md)
+- [SQLServerConnection Class](./sqlserverconnection-class.md)
diff --git a/docs/connect/jdbc/reference/preparestatement-method-java-lang-string.md b/docs/connect/jdbc/reference/preparestatement-method-java-lang-string.md
@@ -1,50 +1,49 @@
 ---
-title: "prepareStatement Method (java.lang.String, int[])"
-description: "prepareStatement Method (java.lang.String, int[])"
+title: "prepareStatement Method (java.lang.String)"
+description: "prepareStatement Method (java.lang.String)"
 author: David-Engel
 ms.author: davidengel
-ms.date: "01/19/2017"
+ms.date: "01/22/2026"
 ms.service: sql
 ms.subservice: connectivity
 ms.topic: reference
 apilocation: "sqljdbc.jar"
-apiname: "SQLServerConnection.prepareStatement (java.lang.String, int[])"
+apiname: "SQLServerConnection.prepareStatement (java.lang.String)"
 apitype: "Assembly"
+ai-usage: ai-assisted
 ---
-# prepareStatement Method (java.lang.String, int[])
+# prepareStatement Method (java.lang.String)
+
 [!INCLUDE[Driver_JDBC_Download](../../../includes/driver_jdbc_download.md)]
 
-  Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database, and that is capable of returning the auto-generated keys designated by the given array.  
-  
-## Syntax  
-  
-```  
-  
-public java.sql.PreparedStatement prepareStatement(java.lang.String sql,  
-                                                   int[] columnIndexes)  
-```  
-  
-#### Parameters  
- *sql*  
-  
- A **String** that contains a SQL statement.  
-  
- *columnIndexes*  
-  
- An array of ints.  
-  
-## Return Value  
- A PreparedStatement object.  
-  
-## Exceptions  
- [SQLServerException](../../../connect/jdbc/reference/sqlserverexception-class.md)  
-  
-## Remarks  
- This prepareStatement method is specified by the prepareStatement method in the java.sql.Connection interface.  
-  
-## See Also  
- [prepareStatement Method &#40;SQLServerConnection&#41;](../../../connect/jdbc/reference/preparestatement-method-sqlserverconnection.md)   
- [SQLServerConnection Members](../../../connect/jdbc/reference/sqlserverconnection-members.md)   
- [SQLServerConnection Class](../../../connect/jdbc/reference/sqlserverconnection-class.md)  
-  
-  
+Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database.
+
+## Syntax
+
+```java
+public java.sql.PreparedStatement prepareStatement(java.lang.String sql)
+```
+
+#### Parameters
+
+`sql`
+
+A **String** that contains a SQL statement.
+
+## Return Value
+
+A PreparedStatement object.
+
+## Exceptions
+
+[SQLServerException](../../../connect/jdbc/reference/sqlserverexception-class.md)
+
+## Remarks
+
+This prepareStatement method is specified by the prepareStatement method in the java.sql.Connection interface.
+
+## Related content
+
+- [prepareStatement Method &#40;SQLServerConnection&#41;](../../../connect/jdbc/reference/preparestatement-method-sqlserverconnection.md)
+- [SQLServerConnection Members](../../../connect/jdbc/reference/sqlserverconnection-members.md)
+- [SQLServerConnection Class](../../../connect/jdbc/reference/sqlserverconnection-class.md)
diff --git a/docs/connect/jdbc/reference/preparestatement-method-sqlserverconnection.md b/docs/connect/jdbc/reference/preparestatement-method-sqlserverconnection.md
@@ -22,7 +22,7 @@ apitype: "Assembly"
 |----------|-----------------|  
 |[prepareStatement (java.lang.String)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database.|  
 |[prepareStatement (java.lang.String, int)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string-int.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database, and has the capability to retrieve auto-generated keys.|  
-|[prepareStatement (java.lang.String, int&#91;&#93;)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database, and that is capable of returning the auto-generated keys that are designated by the given array.|  
+|[prepareStatement (java.lang.String, int&#91;&#93;)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string-int-array.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database, and that is capable of returning the auto-generated keys that are designated by the given array.|  
 |[prepareStatement (java.lang.String, int, int)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string-int-int.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object that generates [SQLServerResultSet](../../../connect/jdbc/reference/sqlserverresultset-class.md) objects with the given type and concurrency.|  
 |[prepareStatement (java.lang.String, int, int, int)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string-int-int-int.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object that generates [SQLServerResultSet](../../../connect/jdbc/reference/sqlserverresultset-class.md) objects with the given type, concurrency, and holdability.|  
 |[prepareStatement (java.lang.String, java.lang.String&#91;&#93;)](../../../connect/jdbc/reference/preparestatement-method-java-lang-string-java-lang-string.md)|Creates a [SQLServerPreparedStatement](../../../connect/jdbc/reference/sqlserverpreparedstatement-class.md) object for sending parameterized SQL statements to the database.|  
diff --git a/docs/connect/toc.yml b/docs/connect/toc.yml
@@ -923,6 +923,8 @@
             href: ../connect/jdbc/reference/preparestatement-method-java-lang-string.md
           - name: prepareStatement Method (java.lang.String, int)
             href: ../connect/jdbc/reference/preparestatement-method-java-lang-string-int.md
+          - name: prepareStatement Method (java.lang.String, int[])
+            href: ../connect/jdbc/reference/preparestatement-method-java-lang-string-int-array.md
           - name: prepareStatement Method (java.lang.String, int, int)
             href: ../connect/jdbc/reference/preparestatement-method-java-lang-string-int-int.md
           - name: prepareStatement Method (java.lang.String, int, int, int)
diff --git a/docs/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections.md b/docs/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections.md
@@ -3,7 +3,8 @@ title: Register a Service Principal Name for Kerberos Connections
 description: "Find out how to register a Service Principal Name (SPN) with Active Directory. This registration is required for using Kerberos authentication with SQL Server."
 author: rwestMSFT
 ms.author: randolphwest
-ms.date: 08/26/2025
+ms.date: 01/22/2026
+ai-usage: ai-assisted
 ms.service: sql
 ms.subservice: configuration
 ms.topic: how-to
@@ -100,9 +101,9 @@ For a TCP/IP connection, where the TCP port is included in the SPN, [!INCLUDE [s
 
 When an instance of the [!INCLUDE [ssDEnoversion](../../includes/ssdenoversion-md.md)] starts, [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] tries to register the SPN for the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] service. When the instance is stopped, [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] tries to unregister the SPN. For a TCP/IP connection, the SPN is registered in the format `MSSQLSvc/<FQDN>:<tcpport>`. Both named instances and the default instance are registered as `MSSQLSvc`, relying on the `<tcpport>` value to differentiate the instances.
 
-For other connections that support Kerberos the SPN is registered in the format `MSSQLSvc/<FQDN>:<instancename>` for a named instance. The format for registering the default instance is `MSSQLSvc/<FQDN>`.
+For other connections that support Kerberos, the SPN is registered in the format `MSSQLSvc/<FQDN>:<instancename>` for a named instance. The format for registering the default instance is `MSSQLSvc/<FQDN>`.
 
-To give permissions to the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] startup account, to register and modify the SPN, perform the following steps:
+To give permissions to the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] startup account to register and modify the SPN, perform the following steps:
 
 1. On the Domain Controller machine, navigate to **Active Directory Users and Computers**.
 
@@ -116,9 +117,9 @@ To give permissions to the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion
 
    1. Select the account and select **Edit**.
 
-   1. Under Permissions select **Validated Write servicePrincipalName**.
+   1. Under Permissions select **Validated write to service principal name**.
 
-   1. Scroll down and under **Properties** select:
+   1. Scroll down and under **Properties**, select:
 
       - **Read servicePrincipalName**
       - **Write servicePrincipalName**
@@ -200,7 +201,7 @@ The following table describes the authentication defaults that are used, based o
 
 ## Remarks
 
-The Dedicated Administrator Connection (DAC) uses an instance name-based SPN. Kerberos authentication can be used with a DAC if that SPN is registered successfully. As an alternative a user can specify the account name as an SPN.
+The Dedicated Administrator Connection (DAC) uses an instance name-based SPN. Kerberos authentication can be used with a DAC if that SPN is registered successfully. As an alternative, you can specify the account name as an SPN.
 
 If SPN registration fails during startup, this failure is recorded in the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] error log, and startup continues.
 
diff --git a/docs/odbc/reference/develop-app/batches-of-sql-statements.md b/docs/odbc/reference/develop-app/batches-of-sql-statements.md
diff --git a/docs/relational-databases/security/sql-server-certificates-and-asymmetric-keys.md b/docs/relational-databases/security/sql-server-certificates-and-asymmetric-keys.md
diff --git a/docs/t-sql/statements/create-symmetric-key-transact-sql.md b/docs/t-sql/statements/create-symmetric-key-transact-sql.md
