0 Votes
I wrote a custom SQL Interface class to allow for dynamically created queries on Ajax applications (PHP). It's excellent for situations such as this, and doesn't rely on SQL Procedures to do the work. I verify data in the current script, then send it to overloaded functions which also (by default at least) clean strings and arrays to prevent nasty SQL injections. I think it provides a lot more feature-rich query creation (via method overloading and SQL statement creation) and removes a lot of security risks involved with dynamic SQL in SQL Procedures. What do other people think of this?
0 Votes
That sounds interesting. I like the approach of not using T/SQL better. Can you post your script?
0 Votes
Neat
chapman.tim@... 11th Mar 2008
It sounds neat to me.

By the way, whether you write it in VB, C++, C#, or whatever, SQL is SQL. I guess you mean you like the idea of not writing it in stored procedures better?
0 Votes
It seems to me that the bread and butter of products like RS and SSIS is metadata. Dynamic SQL seems to hide a lot of the things a metadata based product might need at design time. I am a big fan of dynamic sql because every so often a really good reason for using it comes up. Therefore, I'd like to recommend that readers of this article consider how using dynamic sql might eventually force their hand into the use of temp tables, table variables or a trick I just learned of (haven't tried it) where a select where 1=0 approach is used to pretend that the query results will be coming from a temp table or table var, when in fact they're really going to come from dynamic sql.
reason to put it in product level code and building a where clause would not be it.

It comes into its own for admin scripts though.

Like rolling through a query from sysdatabases and running dbcc on them and such.
I agree...it was more of a "how to do this" than a "you should do this".

Also, for your example, I imagine you could use sp_msforeachdb for something like that...

Tim
0 Votes
Could I?
Tony Hopkinson 17th Mar 2008
I don't need my trusty cursor on sysdatabases anymore?

I ought to keep up to date really.

Hmmm you find a way of doing things, it works damn fine, some clever arse goes and spoils it and makes you look bad.

I shall have to look that up now, or perhaps more grist for your mill?
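
An added example, not part of any commenter's post or script: one way an application-side builder for dynamic WHERE clauses, the kind of thing discussed in the first comment, can keep SQL injection out by checking column names and operators against an allowlist and sending values only as bound parameters rather than escaping strings. It uses Python with SQLite; the `employees` table, `ALLOWED_FILTERS` and the function names are hypothetical.

```python
import sqlite3

# Hypothetical schema for this example: the only columns a caller may filter
# on, each mapped to the comparison operators permitted for it.
ALLOWED_FILTERS = {
    "name": {"=", "LIKE"},
    "dept": {"="},
    "salary": {"=", "<", ">", "<=", ">="},
}

def build_query(filters):
    """Return (sql, params) for a list of (column, operator, value) filters.

    Column names and operators must match the allowlist exactly; values are
    never concatenated into the SQL text, only passed as bound parameters.
    """
    clauses, params = [], []
    for column, op, value in filters:
        if column not in ALLOWED_FILTERS:
            raise ValueError(f"column not allowed: {column!r}")
        if op not in ALLOWED_FILTERS[column]:
            raise ValueError(f"operator not allowed for {column}: {op!r}")
        clauses.append(f'"{column}" {op} ?')
        params.append(value)
    sql = "SELECT name, dept, salary FROM employees"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY name", params

def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                   [("alice", "ops", 50000), ("bob", "dev", 60000),
                    ("carol", "dev", 70000)])
    return db

def search(db, filters):
    """Build the statement from the filters and run it with bound values."""
    sql, params = build_query(filters)
    return db.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = demo_db()
    print(search(db, [("dept", "=", "dev"), ("salary", ">", 65000)]))
    # A quote-laden value is compared as plain data and matches no row.
    print(search(db, [("name", "=", "x' OR '1'='1")]))
```
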