Dynamic SQL – Erik Darling Data

Don’t Rely On Square Brackets To Protect You From SQL Injection: Use QUOTENAME Instead

Posted on June 17, 2021May 16, 2022 by Erik Darling

Uno Mal

I see a lot of scripts on the internet that use dynamic SQL, but leave people wide open to SQL injection attacks.

In many cases they’re probably harmless, hitting DMVs, object names, etc. But they set a bad …

Another Reason Why I Love Dynamic SQL IN SQL Server: OUTPUT Parameters Can Be Input Parameters

Posted on March 16, 2021May 16, 2022 by Erik Darling

Well-Treaded

A lot has been written about dynamic SQL over the years, but I ran into a situation recently where I needed to rewrite some code that needed it with minimal disruption to other parts of a stored procedure.

The …

Signs You Need Dynamic SQL To Fix Query Performance Problems In SQL Server

Posted on February 11, 2021May 16, 2022 by Erik Darling

Nothing Works

There are things that queries just weren’t meant to do all at once. Multi-purpose queries are often just a confused jumble with crappy query plans.

If you have a Swiss Army Knife, pull it out. Open up all …

Defeating Parameter Sniffing With Dynamic SQL In SQL Server

Posted on December 24, 2020May 15, 2022 by Erik Darling

Enjoy!

Thanks for watching!

Going Further

If this is the kind of SQL Server stuff you love learning about, you’ll love my training. I’m offering a 75% discount on to my blog readers if you click from here. I’m …

Why You Shouldn’t Ignore Filter Operators In SQL Server Query Plans Part 2

Posted on November 20, 2020May 16, 2022 by Erik Darling

If You Remember Part 1

We looked at a couple examples of when SQL Server might need to filter out rows later in the plan than we’d like, and why that can cause performance issues.

Now it’s time to look …

Join Me At Data Platform Summit 2020!

Posted on November 12, 2020May 16, 2022 by Erik Darling

The Road From Nowhere

This year, I’m teaching an 8 hour online workshop at Data Platform Summit, and I’d love it if you joined me.

Here’s what I’ll be teaching:

Class Title: The Beginner’s Guide To Advanced Performance Tuning…

How To Avoid SQL Injection In Dynamic SQL Queries In SQL Server

Posted on November 10, 2020May 16, 2022 by Erik Darling

Injectables

Dynamic SQL is always a hot topic. I love using it. Got a lot of posts about it.

Recently, while answering a question about it, it got me thinking about safety when accepting table names as user input, among …

Starting SQL: A Little More Fun With Logging Dynamic SQL

Posted on October 1, 2020May 16, 2022 by Erik Darling

Jammin Two

In case you missed it, because you probably missed it, a long time ago I wrote a post about logging dynamic SQL to a table to track execution history.

And while I still like that post, I wanted …

Starting SQL: Unparameterized Strings In Dynamic SQL

Posted on September 30, 2020May 16, 2022 by Erik Darling

Roaster

It doesn’t take much to let a bad person get at your data. I mean, the internet. Right? What a mistake.

Most of the time, you need to parameterize your code to avoid SQL injection. Hooray, we did it.…

Starting SQL: Dynamic SQL And Temporary Objects In SQL Server

Posted on September 29, 2020May 15, 2022 by Erik Darling

The Blink Of An Eye

Temporary objects are a necessity for just about every workload I’ve ever seen. One cannot trust the optimizer with overly large and complex queries.

At some point, you’ve gotta break things up, down, or sideways, …