• My comment "dynamic SQL isn't a good idea" is directly related to injection attacks, as you state.

    What I like about this solution is that everything (client side with a strong dataset, and this procedure on the server side) is "strongly typed" and isn't a lot of string concatenation.

    Client side, I would write something like

    // Typed dataset: the Scalar table has FromDate/ToDate columns of type DateTime
    ParameterDS ds = new ParameterDS();
    ParameterDS.ScalarRow srow = ds.Scalar.NewScalarRow();
    srow.FromDate = DateTime.Now;
    srow.ToDate = DateTime.Now;
    ds.Scalar.AddScalarRow(srow);

    something like that.

    So I get strong typing.

    It's not the only way to skin a cat, but it's my preferred and still serves me well after 12 or so years.

    Thanks for the feedback.
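    Added illustration (not the commenter's code): the "no string concatenation" point above, carried through to the database call. The typed row's values are handed to a stored procedure as DateTime parameters, so the SQL text is fixed and the input can never be parsed as code; the concatenated version is shown beside it only as the contrast. ParameterDS is stood in for by a plain DataTable, and the procedure name dbo.usp_GetOrders is a hypothetical placeholder.

    ```csharp
    using System;
    using System.Data;
    using System.Data.SqlClient;

    static class TypedParameters
    {
        // Stand-in for the typed ParameterDS.Scalar table (constructed, not the real typed dataset).
        public static DataTable BuildScalarTable(DateTime fromDate, DateTime toDate)
        {
            var scalar = new DataTable("Scalar");
            scalar.Columns.Add("FromDate", typeof(DateTime));
            scalar.Columns.Add("ToDate", typeof(DateTime));
            scalar.Rows.Add(fromDate, toDate);
            return scalar;
        }

        // The pattern the comment argues against: the range is spliced into SQL text as strings,
        // so whatever the caller supplies reaches the SQL parser as part of the statement.
        public static string BuildDynamicSql(string fromDate, string toDate)
        {
            return "SELECT * FROM Orders WHERE OrderDate BETWEEN '" + fromDate + "' AND '" + toDate + "'";
        }

        // The strongly typed pattern: the statement is a fixed stored-procedure name and the values
        // travel as SqlDbType.DateTime parameters. A DateTime cannot carry SQL text, and the
        // compiler rejects assigning a string to the row's DateTime column in the first place.
        public static SqlCommand BuildProcedureCall(SqlConnection conn, DataTable scalar)
        {
            DataRow row = scalar.Rows[0];
            var cmd = new SqlCommand("dbo.usp_GetOrders", conn) // hypothetical procedure name
            {
                CommandType = CommandType.StoredProcedure
            };
            cmd.Parameters.Add("@FromDate", SqlDbType.DateTime).Value = (DateTime)row["FromDate"];
            cmd.Parameters.Add("@ToDate", SqlDbType.DateTime).Value = (DateTime)row["ToDate"];
            return cmd;
        }

        public static void Main()
        {
            DataTable scalar = BuildScalarTable(DateTime.Now.AddDays(-30), DateTime.Now);
            using (var conn = new SqlConnection("<connection string placeholder>"))
            using (SqlCommand cmd = BuildProcedureCall(conn, scalar))
            {
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read()) { /* consume rows */ }
                }
            }
        }
    }
    ```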