Home Forums SQL Server 2008 SQL Server 2008 - General single quotes RE: single quotes
enriquezreyjoseph
Ten Centuries
Points: 1291
More actions
October 6, 2013 at 6:48 pm
#1656207
Jeff Moden (10/6/2013)Just a reminder to remember not to use anything from the parameters in direct concatenation in the dynamic SQL. Poorly formed dynamic SQL is still the leading cause of hack-attacks.
Jeff Moden (10/6/2013)
Agree to jeff 🙂