Jeff Moden (9/26/2012)
opc.three (9/25/2012)
sanjuv999 (9/25/2012)
please guide meDo not enable xp_cmdshell! You do not need it for this scenario and it introduces risk in your environment.
If you want to do everyting with T-SQL use for this task BULK INSERT.
It doesn't introduce any risks that aren't already there. Only an attacker who can get in as "SA" would be able to use it and if (s)he did so, they could also turn it on. It wouldn't even slow them down because they're expecting it to be off.
Enabling xp_cmdshell does introduce risk into an environment despite how slight or irrelevant you think those risks may be.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato