Home Forums Article Discussions Article Discussions by Author Discuss content posted by Charles Eaton Get a Return Every Time. RE: Get a Return Every Time.

  • March 4, 2008 at 1:59 am

    #784810

    Hi,

    I prefer to use static SQL in all cases where possible and only use dynamic SQL when there are a lot of where clause criteria to the stored proc. This is due to:

    - Far easier writing and debugging

    - Reuseable execution plans (in most cases)

    - Much tighter security

    Easier writing

    With static SQL you have WYSIWYG with syntax highlighting and no problem with missing spaces, spelling mistakes etc.

    Reusable execution plans

    When resorting to dynamic SQL remember that the query plans are not reuseable when you use the EXEC(). Using the "sp_executesql" gives you that option along with the possibility of using both input and output variables. "sp_executesql" is almost always superior in both flexibility and performance to the EXEC() alternative.

    Tighter security

    With static SQL you can grant access to stored procs onlyt. With dynamic SQL you will have to grant the executing user SELECT access to all the references tables. That may work for you, but it's definitely not to my taste.

    To sum it up there are certainly situations where dynamic SQL is beneficial, but it is necessary to understand the implications that may tag along.

    Sincerely,

    Lasse