"Yes, I'm still going out as team captain for coin flips, and yes I'm calling it correctly almost 50% of the time!"
-- Drew Bledsoe

Hip Hop Coding

I’ve never used Dynamic SQL before yesterday.

If you used to, still do, or think you will use it, the article The Curse and Blessings of Dynamic SQL seems to be an excellent write-up on some important aspects. Including defending against dreaded SQL injection attacks.

On help forums where someone responds “Use Dynamic SQL!”, there’s a good chance there will be an example like the following:

DECLARE @SQL nvarchar(2000)
-- @ServerID is concatenated straight into the statement text, so whatever it contains becomes part of the SQL
SET @SQL = 'SELECT * FROM TableName WHERE Server = ''' + @ServerID + ''''
EXEC (@SQL)

However, simply concatenating the value into the string and calling EXEC is not good practice. Instead, sp_executesql can be used to run a parameterized query, which keeps the value out of the statement text:

DECLARE @SQL nvarchar(2000)
SET @SQL = 'SELECT * FROM TableName WHERE Server = @ServerID'
-- @ServerID is declared to sp_executesql as a typed parameter and passed by value, not spliced into the text
EXEC sp_executesql @SQL, N'@ServerID nvarchar(100)', @ServerID

For some reason, the syntax created a mental image of a du-rag clad Darius N’ServerID rapping about the virtues of Dynamic SQL.
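The parameterized form above, carried a step further as an added example (not code from the original post or the linked article): a stored procedure that passes the value as a typed parameter, returns a result through an OUTPUT parameter, and handles the one thing sp_executesql cannot parameterize, the table name, by checking it against the catalog and wrapping it with QUOTENAME. The procedure name dbo.GetServerRows, the table name Servers and the column Server are assumptions.

```sql
-- Added example, not from the original post. Object and column names are assumed.
CREATE PROCEDURE dbo.GetServerRows
    @TableName sysname,          -- identifier: cannot be a parameter, so it is validated and quoted
    @ServerID  nvarchar(100),    -- value: passed to sp_executesql as a real parameter
    @RowCount  int OUTPUT
AS
BEGIN
    SET NOCOUNT ON;

    -- Identifiers cannot be parameterized; confirm the table exists and
    -- bracket the name with QUOTENAME so it is read as a single identifier.
    IF OBJECT_ID(N'dbo.' + QUOTENAME(@TableName), N'U') IS NULL
    BEGIN
        RAISERROR(N'Unknown table', 16, 1);
        RETURN;
    END

    DECLARE @SQL nvarchar(2000);
    SET @SQL = N'SELECT * FROM dbo.' + QUOTENAME(@TableName)
             + N' WHERE Server = @ServerID;'
             + N' SET @RowCount = @@ROWCOUNT;';

    -- The value travels as a typed parameter: a quote inside @ServerID stays data,
    -- instead of ending the string literal as it would in the concatenated version.
    EXEC sp_executesql @SQL,
         N'@ServerID nvarchar(100), @RowCount int OUTPUT',
         @ServerID = @ServerID, @RowCount = @RowCount OUTPUT;
END;
GO

-- Constructed demo: a value that contains a single quote (srv'01).
DECLARE @n int;
EXEC dbo.GetServerRows @TableName = N'Servers', @ServerID = N'srv''01', @RowCount = @n OUTPUT;
SELECT @n AS MatchingRows;
```

With the concatenated EXEC version from earlier, the same srv'01 value would produce a syntax error (or worse, a different statement); here it is simply compared against the Server column.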

October 20th, 2009 5 comments
Posted by Donnie Filed under Computer-fu

  1. Derek Slater posted the following on 23 October 2009 at 2:07 pm.

    You’ve seen this:
    A SQL query goes into a bar, walks up to two tables and asks, “Can I join you?”

    Unrelated: So on Tuesday I walk into the club and a guy (okay Harvey actually) looks up at me and says, with no preamble: “Who IS Liquid Egg Product?”

  2. cottagesweet posted the following on 23 October 2009 at 9:16 pm.

    You may as well have posted in a Japanese and French mix for all I could understand this.

  3. Donnie posted the following on 25 October 2009 at 2:57 pm.

    @Derek: What a horrible joke. I couldn’t stop laughing for about 15 minutes.

    Re: Harvey. LOL! How did you answer?

    @Mom: Don’t worry, it’s not only you. It doesn’t make much sense to most other readers either.

  4. Derek Slater posted the following on 27 October 2009 at 11:36 am.

    “Beats me” :)

    Actually the longer you make your answer, the more bizarre it gets:

    “Some guy named Donnie Briggs – in Houston I think, or Miami – a programmer I believe – who has this blog with some alter-egos that are like the egg version of popular characters – and we, um, kinda think the same stupid things are funny… [long pause] I guess I don’t really have any idea.”

  5. The Mascot posted the following on 27 October 2009 at 4:57 pm.

    What? He didn’t ask for me by name?
