Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 execute query in SP, query comes as parameter :)

Author  Topic 

AskSQLTeam
Ask SQLTeam Question

0 Posts
Posted - 2005-07-07 : 06:15:36
krishna writes "Hi,

I want to execute a query in stored procedure. I want to pass the query as a parameter into the stored procedure and i want to execute it in the stored procedure. Because the query is dynamically generated based on so many conditions in the program.
Can it be done or not.
Thanks,
palani"

robvolk
Most Valuable Yak

15732 Posts
Posted - 2005-07-07 : 06:18:19
Yes it can be done, and it is the worst idea possible. It is a major security hole too:

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=52068

You can find out how bad it can be by Googling "sql injection", or reading this:

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=52016
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site