
The Weird and The Wonderful

The Weird and The Wonderful forum is a place to post Coding Horrors, Worst Practices, and the occasional flash of brilliance.

We all come across code that simply boggles the mind. Lazy kludges, embarrassing mistakes, horrid workarounds and developers just not quite getting it. And then some days we come across - or write - the truly sublime.

Post your best, your worst, and your most interesting. But please - no programming questions. This forum is purely for amusement and discussions on code snippets. All actual programming questions will be removed.

Dynamic SQL - Richard Andrew x64, 30-Jun-24 9:43
Re: Dynamic SQL - raddevus, 30-Jun-24 12:47
Re: Dynamic SQL - Richard Deeming, 30-Jun-24 21:36
Re: Dynamic SQL - PIEBALDconsult, 30-Jun-24 17:50
Re: Dynamic SQL - Shane0103, 30-Jun-24 18:07
Re: Dynamic SQL - raddevus, 1-Jul-24 2:11
Re: Dynamic SQL - Daniel Pfeffer, 30-Jun-24 19:17
Re: Dynamic SQL - Richard Deeming, 30-Jun-24 21:31
Richard Andrew x64 wrote:
submitting the queries with the EXEC command?

For SQL Server, they should at least be using sp_executesql, and passing the parameters as parameters rather than concatenating them into the string.

In some rare situations, it may be worth doing this - for example, if your procedure has a lot of optional filters, building a query that only specifies the ones being used will allow the DBMS to select the most appropriate execution plan for the query. If you put them all in the same query - e.g. (@x Is Null Or T.X = @x) - then the execution plan will be selected based on the first set of filters provided, which may be sub-optimal for a different set of filters.

But passing the string to EXEC rather than sp_executesql means they're introducing a SQL Injection vulnerability into the code, which far outweighs any performance benefits.



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
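The two patterns contrasted in the post above, as an added T-SQL example that is not part of the thread or of any poster's code. The dbo.Orders table, its rows and the procedure names are constructed for this example. The first procedure concatenates values into the statement and runs it with EXEC; the second builds the same optional-filter statement but keeps every value as a parameter passed through sp_executesql.

```sql
-- Constructed sample table for the example (not from the thread).
CREATE TABLE dbo.Orders (
    OrderId     int          NOT NULL PRIMARY KEY,
    CustomerId  int          NOT NULL,
    Status      nvarchar(20) NOT NULL,
    OrderDate   date         NOT NULL
);
INSERT INTO dbo.Orders (OrderId, CustomerId, Status, OrderDate) VALUES
    (1, 42, N'Open',    '2024-06-01'),
    (2, 42, N'Shipped', '2024-06-15'),
    (3, 77, N'Open',    '2024-06-20');
GO

-- The pattern the thread objects to: parameter values are pasted into the
-- SQL text and the text is run with EXEC. Whatever arrives in @Status is
-- parsed as part of the statement, so the caller's input shapes the query.
CREATE PROCEDURE dbo.SearchOrders_Unsafe
    @CustomerId int          = NULL,
    @Status     nvarchar(20) = NULL
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT OrderId, CustomerId, Status, OrderDate FROM dbo.Orders WHERE 1 = 1';

    IF @CustomerId IS NOT NULL
        SET @sql += N' AND CustomerId = ' + CAST(@CustomerId AS nvarchar(11));
    IF @Status IS NOT NULL
        SET @sql += N' AND Status = ''' + @Status + N'''';   -- a value becomes code

    EXEC (@sql);
END;
GO

-- The form the post recommends: the statement text still varies with which
-- filters were supplied, so each filter combination gets its own execution
-- plan, but the values travel as parameters and are never parsed as SQL.
CREATE PROCEDURE dbo.SearchOrders
    @CustomerId int          = NULL,
    @Status     nvarchar(20) = NULL
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT OrderId, CustomerId, Status, OrderDate FROM dbo.Orders WHERE 1 = 1';

    IF @CustomerId IS NOT NULL
        SET @sql += N' AND CustomerId = @CustomerId';
    IF @Status IS NOT NULL
        SET @sql += N' AND Status = @Status';

    -- The parameter list always declares every parameter; one that the
    -- generated text does not reference is simply unused.
    EXEC sys.sp_executesql
        @sql,
        N'@CustomerId int, @Status nvarchar(20)',
        @CustomerId = @CustomerId,
        @Status     = @Status;
END;
GO

-- Each combination of supplied filters yields a distinct statement text, so
-- the optimizer compiles a plan for that shape instead of reusing one chosen
-- for a different set of filters.
EXEC dbo.SearchOrders @CustomerId = 42;
EXEC dbo.SearchOrders @Status = N'Open';
EXEC dbo.SearchOrders @CustomerId = 42, @Status = N'Open';

-- A value containing an apostrophe is compared as data by the parameterized
-- procedure; in SearchOrders_Unsafe the same value would break the statement.
EXEC dbo.SearchOrders @Status = N'Can''t ship';
```

If dynamic SQL is not wanted at all, the single-statement form the post mentions, `(@x IS NULL OR T.X = @x)`, can be combined with `OPTION (RECOMPILE)` so the optimizer sees the actual parameter values on every call; that trades the cached-plan problem for a compile on each execution, which is acceptable for infrequent reporting queries and not for hot paths.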

Re: Dynamic SQL - Pete O'Hanlon, 30-Jun-24 21:45
Re: Dynamic SQL - jochance, 2-Jul-24 7:14
Re: Dynamic SQL - Sander Rossel, 9-Jul-24 1:05
How, VS Code? This is amazing. - honey the codewitch, 22-Jun-24 14:51
Re: How, VS Code? This is amazing. - Richard Andrew x64, 23-Jun-24 4:32
Re: How, VS Code? This is amazing. - honey the codewitch, 23-Jun-24 4:35
Re: How, VS Code? This is amazing. - Richard Andrew x64, 23-Jun-24 4:45
Re: How, VS Code? This is amazing. - honey the codewitch, 23-Jun-24 4:46
Re: How, VS Code? This is amazing. - Dave Kreskowiak, 23-Jun-24 6:11
Re: How, VS Code? This is amazing. - Luschan, 25-Aug-24 19:32
What the hell gcc? - honey the codewitch, 17-Jun-24 21:20
Re: What the hell gcc? - RainHat, 17-Jun-24 22:57
Re: What the hell gcc? - honey the codewitch, 17-Jun-24 22:58
Re: What the hell gcc? - RainHat, 18-Jun-24 0:51
Re: What the hell gcc? - 0x01AA, 18-Jun-24 1:23
Re: What the hell gcc? - honey the codewitch, 18-Jun-24 4:12
Re: What the hell gcc? - jochance, 18-Jun-24 2:59
