Search

Advertisements

Showing posts with label Dynamic SQL. Show all posts
Showing posts with label Dynamic SQL. Show all posts

SQL Server - Dynamic SQL - SQL Injection - EXEC [ QUOTENAME() , REPLACE() , EXECUTE AS ] - Sp_executesql - [ RECOMPILE ]

Recently I had mess up with dynamic SQL , So whats next !!! , I started to explore on this topic and post it here , when I googled to gather some information , but what I found was , this topic has been already drilled to the core , carved and with the sculpture mounted on the walls of SQL Server by some of the great SQL Server guru's , much before an year I started to work with SQL Server .

For my regular readers , I will definitely share the good links with the abstract from the same .

To execute a string , we can make use of sp_executesql or EXEC - “Dynamic String Execution”  (DSE)

As mentioned in the BOL :

Advertisements