Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Alex Grinberg Self Eliminated Parameters RE: Self Eliminated Parameters

  • October 9, 2006 at 6:14 pm

    #664890

    Be careful with this one.

    we have tables with 6 million rows and doing

    WHERE (CustomerName = @CustomerName OR @CustomerName IS NULL)

    killed perfomance. The query took more than 2 minutes.

    User dynamic SQL with EXEC or SP_EXECUTESQL.

    watch out for single quotes with EXEC, to prevent SQL Injection and to deal with certain last names.

    O'Malley in SQL is 'O''Malley'

    IF @CustomerName IS NOT NULL

    BEGIN

        SET @sql = @sql + N' AND CustomerName = ''' + REPLACE(@CustomerName,'''','''''') + ''''

    END