Using Dynamic SQL in Stored Procedures
Posted
on SQL Team
See other posts from SQL Team
Published on Mon, 07 Mar 2011 00:00:00 GMT
Indexed on
2011/03/07
16:13 UTC
Read the original article
Hit count: 186
Filed under:
Dynamic SQL allows stored procedures to “write” or dynamically generate their SQL statements. The most common use case for dynamic SQL is stored procedures with optional parameters in the WHERE clause. These are typically called from reports or screens that have multiple, optional search criteria. This article describes how to write these types of stored procedures so they execute well and resist SQL injection attacks.
© SQL Team or respective owner