Originally posted by: dstoltz
That's the way I think I'm going to go...writing an SP for every needed query is kind of a pain, but I guess it's a lot better than being hacked!
Certainly, being hacked can endanger your job.
Stored procedures have lots of advantages. Try to avoid Dynamic SQL in a stored procedure.
If you must use Dynamic SQL, you have to parse the appropriate text parameters for SQL Injection Attack.
Kalman Toth - Database, Data Warehouse & Business Intelligence Architect
SQL Server Training, SSAS, SSIS, SSRS: http://www.sqlusa.com/
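The following T-SQL is an added example, not part of the original posts. It contrasts dynamic SQL built by concatenation inside a stored procedure with a form that passes the value through `sp_executesql` as a parameter and checks the one identifier that has to be spliced in. The table `dbo.Customers`, its columns and the procedure names are hypothetical.

```sql
-- Added example for SQL Server; dbo.Customers and its columns are hypothetical.

-- Risky: the parameter is concatenated into the statement text, so its
-- content is parsed as SQL even though the caller went through a procedure.
CREATE PROCEDURE dbo.SearchCustomers_Concat
    @LastName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, LastName FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: dynamic SQL is used only for the part that cannot be a
-- parameter (the ORDER BY column); the search value stays a bound parameter.
CREATE PROCEDURE dbo.SearchCustomers_Dynamic
    @LastName   nvarchar(50),
    @SortColumn sysname
AS
BEGIN
    SET NOCOUNT ON;

    -- Allow-list the identifier against the catalog before using it.
    IF NOT EXISTS (SELECT 1
                   FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Customers')
                     AND name = @SortColumn)
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END;

    -- QUOTENAME brackets the identifier and escapes any closing bracket.
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, LastName
          FROM dbo.Customers
          WHERE LastName = @p_LastName
          ORDER BY ' + QUOTENAME(@SortColumn) + N';';

    -- The value is bound as data and never becomes part of the SQL text.
    EXEC sys.sp_executesql
         @sql,
         N'@p_LastName nvarchar(50)',
         @p_LastName = @LastName;
END;
GO
```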