Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase ««12

Need assistance with making a sproc SQL Injection proof Expand / Collapse
Posted Thursday, April 24, 2014 9:53 PM



Group: General Forum Members
Last Login: Today @ 11:50 AM
Points: 5,664, Visits: 8,186
MarbryHardin (4/24/2014)
... And you'll have to come saw my foot off to get me to write dynamic SQL.

Then you are discounting one of the best tools for dealing with a number of data processing problems (of which the open-ended-search is a prime example). I have used it any number of times to achieve 4-5 ORDER OF MAGNITUDE performance gains while simultaneously bringing concurrency up from a molasses-in-February pace.


Kevin G. Boles
SQL Server Consultant
SQL MVP 2007-2012
TheSQLGuru at GMail
Post #1564946
Posted Friday, April 25, 2014 6:06 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, October 14, 2015 1:49 PM
Points: 29, Visits: 153
There are other considerations beyond performance alone that discount the use of dynamic SQL. Speaking of writing it "right" in the first place.

Never say never, but it is something to be avoided.
Post #1565041
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse