- keep sql-injection in mind ! 
Check http://www.sqlservercentral.com/columnists/chedgate/sqlinjection.asp
- just define your variables as sp-parameters and handle your statement in your sp. You will soon discover it's best to work with known predicates.
- check http://www.sommarskog.se/dynamic_sql.html and http://www.sommarskog.se/dyn-search.html
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data and code to get the best help
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Who am I ? Sometimes this is me but most of the time this is me