Hi Greg,

I do not go quite with your conclusions.

If parameterized SQL is used as it is intended, the skeleton of the statement @CMD provided by the application and user input used only for parameters,

there will be no danger of SQL injection and consequently no advantage in avoiding dynamic SQL.

Concluding from what I know and what is stated in the article.

reagrds

Herbert