Monday, March 26, 2012

Dynamic query

Hello

I'm a newbie in SQL Server. Can anyone explain what Dynamic query means?

thanks.

Sure, but for some basic understanding (perhaps your questions will be cleared up after the detailed explanation in this text) look at:

http://www.sommarskog.se/dynamic_sql.html

HTH, Jens Suessmeyer.

On Sat, 21 Jan 2006 11:30:01 -0800,
wrote:

>I'm a newbie in SQL Server. Can anyone explain what Dynamic query
>means?

Hi Dato0011,

Dynamic SQL means that the query is not precoded in a stored procedure
or application, but created on the spot. Example of non-dynamic SQL:

SELECT COUNT(*) FROM pubs..authors

Example of dynamic SQL:

DECLARE @SQL nvarchar(400)
SET @SQL = 'SELECT COUNT(*) FROM pubs..authors'
EXECUTE (@SQL)

(In a real situation, part of the dynamic SQL would be based on user
input).

Dynamic SQL can be advantageous in some situations, but it is also
extremely dangerous. Using dynamic SQL requires permissions for the end
users on your tables, and -the most important danger!- exposes your DB
to the danger of SQL injection.

For a complete discussion of the curse and blessing of dynamic SQL, see
Erland Sommarskog's article:
http://www.sommarskog.se/dynamic_sql.html

--
Hugo Kornelis, SQL Server MVP

Hi Dato0011,

It seems that some weird bug deleted the formatting of my reply. Let's do that one more time, shall we?

On Sat, 21 Jan 2006 11:30:01 -0800, <Dato0011@.discussions.microsoft.com>
wrote:

>I'm a newbie in SQL Server. Can anyone explain what Dynamic query
>means?

Hi Dato0011,

Dynamic SQL means that the query is not precoded in a stored procedure
or application, but created on the spot. Example of non-dynamic SQL:

SELECT COUNT(*) FROM pubs..authors

Example of dynamic SQL:

DECLARE @SQL nvarchar(400)
SET @SQL = 'SELECT COUNT(*) FROM pubs..authors'
EXECUTE (@SQL)

(In a real situation, part of the dynamic SQL would be based on user
input).

Dynamic SQL can be advantageous in some situations, but it is also
extremely dangerous. Using dynamic SQL requires permissions for the end
users on your tables, and -the most important danger!- exposes your DB
to the danger of SQL injection.

For a complete discussion of the curse and blessing of dynamic SQL, see
Erland Sommarskog's article:
http://www.sommarskog.se/dynamic_sql.html

--
Hugo Kornelis, SQL Server MVP
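
Added example (not part of the original thread or of the linked article): the SQL injection danger mentioned above, shown by building the same dynamic query once with user input concatenated into the statement text and once with the input passed as a parameter through sp_executesql. The temp table #authors, its rows and the @input values are constructed stand-ins for pubs..authors and for real user input.

```sql
-- Constructed sample data; #authors stands in for pubs..authors.
CREATE TABLE #authors (au_id int, au_lname nvarchar(40))
INSERT INTO #authors (au_id, au_lname) VALUES (1, N'White')
INSERT INTO #authors (au_id, au_lname) VALUES (2, N'Green')
INSERT INTO #authors (au_id, au_lname) VALUES (3, N'O''Leary')

DECLARE @input nvarchar(40)
DECLARE @SQL nvarchar(400)

-- Constructed "user input": the embedded quote closes the string literal
-- early, so the rest of the value is read as SQL instead of as data.
SET @input = N'x'' OR ''1''=''1'

-- Unsafe: the input becomes part of the statement text.
SET @SQL = N'SELECT COUNT(*) AS unsafe_count FROM #authors WHERE au_lname = '''
         + @input + N''''
PRINT @SQL       -- inspect the text: the WHERE clause gained an OR condition
EXECUTE (@SQL)   -- the filter no longer restricts the rows that are counted

-- Parameterized: the statement text is constant and the input travels
-- separately as a typed value, so it is only ever compared as a name.
SET @SQL = N'SELECT COUNT(*) AS safe_count FROM #authors WHERE au_lname = @lname'
EXECUTE sp_executesql @SQL, N'@lname nvarchar(40)', @lname = @input

-- A legitimate surname containing a quote also works unchanged, whereas
-- the concatenated form would fail with a syntax error for this value.
SET @input = N'O''Leary'
EXECUTE sp_executesql @SQL, N'@lname nvarchar(40)', @lname = @input

DROP TABLE #authors
```

Parameters can only replace values, not table or column names; the permissions point above still applies because the dynamic statement runs with the caller's rights on the table.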
