Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

Need assistance with making a sproc SQL Injection proof Expand / Collapse
Author
Message
Posted Thursday, April 24, 2014 9:53 PM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Today @ 2:37 PM
Points: 4,438, Visits: 6,343
MarbryHardin (4/24/2014)
... And you'll have to come saw my foot off to get me to write dynamic SQL.


Then you are discounting one of the best tools for dealing with a number of data processing problems (of which the open-ended-search is a prime example). I have used it any number of times to achieve 4-5 ORDER OF MAGNITUDE performance gains while simultaneously bringing concurrency up from a molasses-in-February pace.


Best,

Kevin G. Boles
SQL Server Consultant
SQL MVP 2007-2012
TheSQLGuru at GMail
Post #1564946
Posted Friday, April 25, 2014 6:06 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, November 18, 2014 12:19 PM
Points: 25, Visits: 116
There are other considerations beyond performance alone that discount the use of dynamic SQL. Speaking of writing it "right" in the first place.

Never say never, but it is something to be avoided.
Post #1565041
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse