Jump to content


Richard Bassett

Member Since 14 Mar 2000
Offline Last Active Oct 20 2014 02:03 PM
-----

#19722 Example of using dynamic SQL

Posted by Richard Bassett on 25 February 2014 - 02:32 PM

Obligatory Little Bobby Tables reference:

 

https://xkcd.com/327/

 

The serious point to remember is that using dynamic SQL enables SQL injection attacks, so you should always put in place appropriate sanitization of the variable text you are splicing into your SQL, otherwise bad things can happen to good people.