RE: Can You make this code Shorter??..

SSC-Forever

Points: 41690

September 27, 2013 at 3:03 am

enriquezreyjoseph (9/27/2013)
Cadavre (9/27/2013)
enriquezreyjoseph (9/27/2013)
Thank you guys..
so, i should change varchar now to my whole table and to my front-end...tsk :-(..
You're also vulnerable to SQL injection. Please look over the code I posted and see the difference between it and yours.
Is ' Stuff ' a keyword???

How is that what you took from what I said? Yes, Stuff is a keyword.

Look at the parametrised dynamic SQL that I used, rather than what you used. If you don't understand the difference, then frankly for the sake of your job and the health of your companies data you need to not use dynamic SQL. It's a powerful tool and when used correctly can do a lot of good. When used incorrectly, it can be a catastrophe.

Forever trying to learn
My blog - http://www.cadavre.co.uk/
For better, quicker answers on T-SQL questions, click on the following...http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better, quicker answers on SQL Server performance related questions, click on the following...http://www.sqlservercentral.com/articles/SQLServerCentral/66909/