SQL Server Programming Part 13 - Dynamic SQL

If you'd like to help fund Wise Owl's conversion of tea and biscuits into quality training videos you can click this link https://www.wiseowl.co.uk/donate?t=1 to make a donation. Thanks for watching!

By Andrew Gould

https://www.wiseowl.co.uk - Dynamic SQL allows you to build a complete statement out of individual strings of text and execute it as though it was an SQL statement. It allows you to create immensely flexible queries in which any part of a statement can be parameterised but it can also leave you vulnerable to the dreaded SQL injection attack! This video teaches you how to build dynamic SQL statements, how to use stored procedures to parameterise the process, and the potential dangers of using dynamic SQL in a live system.

You can view a written version of this tutorial at:
https://www.wiseowl.co.uk/blog/s363/d...

You can download the script to create the Movies database used in this video at the following link:
https://www.wiseowl.co.uk/sundry/movi...

For more information on SQL injection attacks and how to prevent them you can't do better than Erland Sommarskog's definitive article:
http://www.sommarskog.se/dynamic_sql....

For a geeky joke about dynamic SQL see XKCD:
https://xkcd.com/327/

You can see the range of resources and courses we offer in SQL Server here:
https://www.wiseowl.co.uk/sql/

Visit www.wiseowl.co.uk for more online training resources in Microsoft Excel, Microsoft Access, Microsoft PowerPoint, Microsoft Word, Microsoft Project, Microsoft Publisher, Microsoft Visio, SQL Server, Reporting Services, Analysis Services, Visual Studio, ASP.NET, VB.NET, C# and more!