Conclusion

You now know how to gather user input and format it to build a query dynamically. You’re aware of some of the pitfalls in constructing dynamic queries as well as some of the security risks.

Keep your database secure by constructing parameterized queries and executing them through the sp_executeSql stored procedure. You can even use these techniques to accomplish tasks beyond simply returning data to the user.
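The contrast behind this advice, shown as an added T-SQL example that is not code from the book. The temp table, column names, parameter names, and sample values are all constructed for illustration.

```sql
-- Constructed sample data (hypothetical table and values).
CREATE TABLE #Customers (CustomerID int, LastName nvarchar(50), City nvarchar(50));
INSERT INTO #Customers VALUES (1, N'Smith', N'Seattle');
INSERT INTO #Customers VALUES (2, N'O''Brien', N'Boston');
INSERT INTO #Customers VALUES (3, N'Jones', N'Seattle');

-- Values as they might arrive from a user form. @LastName holds text that
-- contains a quote and SQL keywords instead of a plain name.
DECLARE @LastName nvarchar(50), @City nvarchar(50), @SortColumn sysname;
SET @LastName = N'x'' OR 1=1 --';
SET @City = N'Seattle';
SET @SortColumn = N'LastName';

-- Weak: the user text is concatenated into the statement, so the quote in
-- @LastName ends the string literal and the rest is parsed as SQL.
DECLARE @unsafe nvarchar(4000);
SET @unsafe = N'SELECT CustomerID, LastName, City FROM #Customers '
            + N'WHERE LastName = N''' + @LastName + N'''';
EXEC (@unsafe);

-- Hardened: only the shape of the statement is built dynamically.
-- Values are referenced by parameter name and never become SQL text.
DECLARE @sql nvarchar(4000);
SET @sql = N'SELECT CustomerID, LastName, City FROM #Customers WHERE 1 = 1';
IF @LastName IS NOT NULL SET @sql = @sql + N' AND LastName = @pLastName';
IF @City IS NOT NULL     SET @sql = @sql + N' AND City = @pCity';

-- Identifiers cannot be passed as parameters: accept only known column
-- names, then quote the accepted name before appending it.
IF @SortColumn IN (N'CustomerID', N'LastName', N'City')
    SET @sql = @sql + N' ORDER BY ' + QUOTENAME(@SortColumn);

-- The second argument declares the parameters; the remaining arguments bind
-- them. The whole of @LastName is compared against the column as data.
EXEC sp_executesql @sql,
     N'@pLastName nvarchar(50), @pCity nvarchar(50)',
     @pLastName = @LastName, @pCity = @City;

DROP TABLE #Customers;
```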

Chapter 7: Quick Reference

To: Build a query in SQL Server Management Studio’s Query Builder
Do this: Right-click a table in the Object Explorer, then choose Open Table from the context menu. Use the buttons on the Query Designer toolbar and the related panes to design your query.

To: Obtain a list of tables and views in a database
Do this: Execute ...

Get Microsoft® SQL Server™ 2005: Applied Techniques Step by Step now with the O’Reilly learning platform.