Home Forums SQL Server 2008 SQL Server 2008 - General Dynamic query RE: Dynamic query

  • December 19, 2012 at 7:27 am

    #1570076

    Jeff Moden (12/18/2012)

    toddasd (12/18/2012)

    Of course, I'd do this task like below. Be warned though, that I don't have to worry about sql injection in my closed environment.

    Famous last words. 😉

    You should always be prepared for SQL Injection because 1) You never know when your "closed environment" is going to be opened up, 2) you never know just how clever hackers are at getting into supposed "closed environments", and 3) a closed environment will not protect you from someone on the inside with a score to settle.

    True on all counts. I regretted posting that a minute after clicking submit. Trouble is my entire system is built like this. I guess it's time to go retrofitting.

    ______________________________________________________________________________
    How I want a drink, alcoholic of course, after the heavy lectures involving quantum mechanics.