There times when you need to write T-SQL code that creates specific T-SQL Code and executes it. When you do this you are creating dynamic T-SQL code. When writing dynamic T-SQL you need to understand how dynamic code opens the possibilities for a SQL injection attack.
By Gregory Larsen
2016/07/29 (first published: 2014/07/23)