Why avoid dynamic SQL queries? Any suggestion to remove the bad part there and use them?

Question

Why avoid dynamic SQL queries? Any suggestion to remove the bad part there and use them?

Could you explain why dynamic SQL is recommended to be avoided? Is there a way that I can continue to use dynamic SQL and avoid its bad things?

+3

c # sql-server dynamic-sql data-access-layer

user576510 Jun 15 '11 at 13:12

source share

2 answers

The main problem is SQL injection. People can enter data that can change the intent of your sql.

sp_executesql. http://msdn.microsoft.com/en-us/library/ms188001.aspx

+1

Scott Bruns 15 . '11 13:17

Hlgem · Accepted Answer · 2011-06-15T13:15:09+0000

http://www.sommarskog.se/dynamic_sql.html

If you do not understand all of this, go back and ask a question, but if there is no circulation, you should use dynamic SQl until you understand this article.

Why avoid dynamic SQL queries? Any suggestion to remove the bad part there and use them?

More articles: