Filtering Parameters in a SQL 2008 Stored Procedure

Ash explains the concept of Filtering Parameters in a Stored Procedure in this blog post.

This method is safer and more beneficial than dynamically building a SQL query in the code layer and passing it to sp_executesql, as it helps to avoid SQL injection attacks.

However, the author notes a pitfall: you may sacrifice index optimization.
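As an added illustration (not code from Ash's post), here is a filtering-parameter procedure of the kind described, using hypothetical table and procedure names, together with the OPTION (RECOMPILE) hint that is commonly used to address the index pitfall:

```sql
-- Hypothetical table and procedure names, constructed for this example.
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT         NOT NULL,
    Status     VARCHAR(20) NOT NULL,
    OrderDate  DATE        NOT NULL
);
CREATE INDEX IX_Orders_CustomerId ON dbo.Orders (CustomerId);
CREATE INDEX IX_Orders_Status     ON dbo.Orders (Status);
GO

-- Every filter parameter defaults to NULL, and NULL means "do not filter
-- on this column". Callers pass only typed values, never SQL text, so user
-- input cannot alter the shape of the statement (no string concatenation,
-- no sp_executesql needed).
CREATE PROCEDURE dbo.SearchOrders
    @CustomerId INT         = NULL,
    @Status     VARCHAR(20) = NULL,
    @FromDate   DATE        = NULL
AS
BEGIN
    SET NOCOUNT ON;

    SELECT OrderId, CustomerId, Status, OrderDate
    FROM dbo.Orders
    WHERE (@CustomerId IS NULL OR CustomerId = @CustomerId)
      AND (@Status     IS NULL OR Status     = @Status)
      AND (@FromDate   IS NULL OR OrderDate >= @FromDate)
    -- Index pitfall: without the hint, one cached plan must serve every
    -- combination of NULL / non-NULL parameters, so the optimizer usually
    -- chooses a scan instead of a seek on IX_Orders_CustomerId or
    -- IX_Orders_Status. OPTION (RECOMPILE) compiles a fresh plan for each
    -- call using the actual parameter values, so the "IS NULL" branches
    -- that are known to be true or false are folded away and the matching
    -- index can be used. The trade-off is a compile on every execution.
    OPTION (RECOMPILE);
END
GO

-- Callers supply values only, never query fragments.
EXEC dbo.SearchOrders @CustomerId = 42;                            -- seek on CustomerId
EXEC dbo.SearchOrders @Status = 'Shipped', @FromDate = '2024-01-01'; -- two filters
EXEC dbo.SearchOrders;                                             -- no filters at all
```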

Check it out!

May your dreams be in ASP.NET and your code free from SQL injections!

Nannette Thacker
