Why to avoid dynamic SQL queries ? any suggestion to remove there bad part and to use these?

Question

Can you please guide me why dynamic SQL is suggested to avoid ? Is there any way that I can keep on using dynamic SQL and avoid its bad things ?

score 4 · Accepted Answer · answered Jun 15 '11 at 13:15

4

http://www.sommarskog.se/dynamic_sql.html

If you don't understand everything in this, come back and ask a question, but under no circustances should you use dynamic SQl until you understand this article.

answered Jun 15 '11 at 13:15

HLGEM

91,883
14
110
181

score 1 · Answer 2 · answered Jun 15 '11 at 13:17

1

The main problem is sql injection. People can enter data that can change the intent of your sql.

One of the best solutions is to use sp_executesql. http://msdn.microsoft.com/en-us/library/ms188001.aspx

answered Jun 15 '11 at 13:17

Scott Bruns

1,921
12
12

Why to avoid dynamic SQL queries ? any suggestion to remove there bad part and to use these?

2 Answers2

Linked