Home Forums SQL Server 2008 SQL Server 2008 - General Dynamic query RE: Dynamic query

  • December 18, 2012 at 9:29 pm

    #1569861

    toddasd (12/18/2012)

    Of course, I'd do this task like below. Be warned though, that I don't have to worry about sql injection in my closed environment.

    Famous last words. 😉

    You should always be prepared for SQL Injection because 1) You never know when your "closed environment" is going to be opened up, 2) you never know just how clever hackers are at getting into supposed "closed environments", and 3) a closed environment will not protect you from someone on the inside with a score to settle.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)