Well-Treaded
A lot has been written about dynamic SQL over the years, but I ran into a situation recently where I needed to rewrite some code that needed it with minimal disruption to other parts of a stored procedure.
The …
Category: Dynamic SQL
Signs You Need Dynamic SQL
Nothing Works
There are things that queries just weren’t meant to do all at once. Multi-purpose queries are often just a confused jumble with crappy query plans.
If you have a Swiss Army Knife, pull it out. Open up all …
Defeating Parameter Sniffing With Dynamic SQL
Enjoy!
Thanks for watching!
A Word From Our Sponsors
First, a huge thank you to everyone who has bought my training so far. You all are incredible, and I owe all of you a drink.
Your support means a …
Why You Shouldn’t Ignore Filter Operators In Query Plans Part 2
If You Remember Part 1
We looked at a couple examples of when SQL Server might need to filter out rows later in the plan than we’d like, and why that can cause performance issues.
Now it’s time to look …
Join Me At Data Platform Summit 2020!
The Road From Nowhere
This year, I’m teaching an 8 hour online workshop at Data Platform Summit, and I’d love it if you joined me.
Here’s what I’ll be teaching:
Class Title: The Beginner’s Guide To Advanced Performance Tuning…
Towards Safer Dynamic SQL
Injectables
Dynamic SQL is always a hot topic. I love using it. Got a lot of posts about it.
Recently, while answering a question about it, it got me thinking about safety when accepting table names as user input, among …
A Quirk With Plan Caching And Dynamic SQL
Have All Thirteen
…
Sneaky SQL Injection
One More Thing
I always try to impart on people that SQL injection isn’t necessarily about vandalizing or trashing data in some way.
Often it’s about getting data. One great way to figure out how difficult it might be to …
Dynamic Temp Table Pains
Tinker Toy
Let’s say you have dynamic SQL that selects different different data based on some conditions.
Let’s also say that data needs to end up in a temp table.
Your options officially suck.
If you create the table outside …
Just Using sp_executesql Doesn’t Make Dynamic SQL Safe To Use
Safe Belt
A lot of people I’ve talked to about dynamic SQL have been under the misguided impression that just using sp_executesql will fix safety issues with SQL injection.
In reality, it’s only half the battle. The other half …