• Phil Parkin (11/13/2013)


    This avoids possible issues with SQL injection.

    Hi Dwain, I did consider this. But as the variable in question had a numeric datatype, I could not see how there could be an injection risk. Am I wrong?

    Good point Phil. Hadn't really thought about it that way.

    But as a general course people should probably try to use sp_executesql whenever they can because of the additional control it gives you. It even supports outputting variables.

    I guess I've trained myself to always use it, so that makes me think that everyone should always use it. 😛


    My mantra: No loops! No CURSORs! No RBAR! Hoo-uh!

    My thought question: Have you ever been told that your query runs too fast?

    My advice:
    INDEXing a poor-performing query is like putting sugar on cat food. Yeah, it probably tastes better but are you sure you want to eat it?
    The path of least resistance can be a slippery slope. Take care that fixing your fixes of fixes doesn't snowball and end up costing you more than fixing the root cause would have in the first place.

    Need to UNPIVOT? Why not CROSS APPLY VALUES instead?
    Since random numbers are too important to be left to chance, let's generate some!
    Learn to understand recursive CTEs by example.
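
The trade-off discussed in the thread above, as an added T-SQL example that is not code from either poster: a numeric variable concatenated into dynamic SQL, next to the same query run through sp_executesql with typed input and OUTPUT parameters. It goes one step beyond the thread by including a string parameter; the table, columns and values are constructed for illustration.

```sql
-- Constructed sample data; table and column names are hypothetical.
CREATE TABLE #Orders (
    OrderID      int            PRIMARY KEY,
    CustomerID   int            NOT NULL,
    CustomerName nvarchar(50)   NOT NULL,
    Amount       decimal(10, 2) NOT NULL
);
INSERT INTO #Orders (OrderID, CustomerID, CustomerName, Amount)
VALUES (1, 42, N'O''Brien', 10.00),
       (2, 42, N'O''Brien', 15.50),
       (3,  7, N'Smith',    99.99);

DECLARE @CustomerID int = 42;
DECLARE @sql nvarchar(max);

-- Concatenation. An int variable can only ever hold a number, so the text
-- appended here is always digits (optionally signed). The value still
-- becomes part of the statement text, and the pattern stops being safe
-- as soon as someone copies it for a character-typed variable.
SET @sql = N'SELECT COUNT(*) AS OrderCount FROM #Orders WHERE CustomerID = '
         + CAST(@CustomerID AS nvarchar(11)) + N';';
EXEC (@sql);

-- sp_executesql. The statement text is constant; values travel as typed
-- parameters and results come back through OUTPUT parameters.
DECLARE @OrderCount int, @Total decimal(12, 2);
DECLARE @Name nvarchar(50) = N'O''Brien';  -- embedded quote is plain data here

SET @sql = N'SELECT @cnt = COUNT(*), @sum = SUM(Amount)
             FROM #Orders
             WHERE CustomerID = @cust AND CustomerName = @name;';

EXEC sys.sp_executesql
     @sql,
     N'@cust int, @name nvarchar(50), @cnt int OUTPUT, @sum decimal(12, 2) OUTPUT',
     @cust = @CustomerID,
     @name = @Name,
     @cnt  = @OrderCount OUTPUT,
     @sum  = @Total      OUTPUT;

SELECT @OrderCount AS OrderCount, @Total AS Total;

DROP TABLE #Orders;
```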