[AccessD] Upsize?

MartyConnelly martyconnelly at shaw.ca
Tue Dec 20 04:40:17 CST 2005


SQL injection is the problem.

Michael Maddison wrote:

>Hi Jürgen,
>
>When faced with the same problem I went dynamic.  Every other option just
>as you say looks ugly.
>I never found a good alternative, no one has offered one this time either.  
>It seems to me that in situations like this the 'developers' go with dynamic SQL, the DBAs moan ;-)
>
>cheers
>
>Michael M
>
>
>
>Michael:
>
>With variable joins, do you point something like a list source of search 'hits' to different queries, one query for each join, or how do you handle variable combinations of joins?  Let's say there is 1 table that may be joined to 0 to 5 other tables in various combinations, being 32 possible querydefs.  I've always constructed the SQL in code and was very satisfied with the performance.  Add another table and you're up to 64 querydefs.  
>That's ugly.
>
>
>
>Ciao
>Jürgen Welz
>Edmonton, Alberta
>jwelz at hotmail.com
>
>
>
>
>
>  
>
>>From: "Michael Maddison" <michael at ddisolutions.com.au>
>>
>> Hi Jürgen,
>>
>>If you go with variable parameters check out the 'With Recompile' option.
>>It forces a new execution plan each time the procedure is run and 
>>overcomes SQL's 'parameter sniffing' problem.
>>
>>cheers
>>
>>Michael Maddison
>>
>>DDI Solutions Pty Ltd
>>michael at ddisolutions.com.au
>>Bus: 0260400620
>>Mob: 0412620497
>>www.ddisolutions.com.au
>>    
>>
>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada
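
Added example, not part of the original thread: one way to build the variable-join search discussed above as dynamic SQL without exposing it to SQL injection. Join and filter fragments come only from fixed allow-lists and user values are bound as parameters. The table names, column names and the use of Python's sqlite3 as a stand-in database are assumptions made for illustration.

```python
import sqlite3

# Allow-list of optional joins: caller-visible key -> fixed SQL fragment.
# Table and column names are hypothetical.
JOINS = {
    "orders":   "JOIN orders o ON o.customer_id = c.id",
    "invoices": "JOIN invoices i ON i.customer_id = c.id",
}
# Allow-list of filters -> (clause with placeholder, join it requires or None).
FILTERS = {
    "name":   ("c.name = ?", None),
    "item":   ("o.item = ?", "orders"),
    "status": ("i.status = ?", "invoices"),
}

def build_search(criteria):
    """Return (sql, params) for a dict of {filter_key: value}."""
    joins, where, params = [], [], []
    for key, value in criteria.items():
        if key not in FILTERS:  # keys never reach the SQL text unchecked
            raise ValueError(f"unknown filter: {key!r}")
        clause, needs = FILTERS[key]
        if needs and JOINS[needs] not in joins:
            joins.append(JOINS[needs])  # add each join once, only if used
        where.append(clause)
        params.append(value)  # values travel as bound parameters
    sql = "SELECT DISTINCT c.id, c.name FROM customers c " + " ".join(joins)
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, params

def demo():
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders(customer_id INTEGER, item TEXT);
        CREATE TABLE invoices(customer_id INTEGER, status TEXT);
        INSERT INTO customers VALUES (1,'Acme'),(2,'Globex');
        INSERT INTO orders VALUES (1,'widget'),(2,'gadget');
        INSERT INTO invoices VALUES (1,'paid'),(2,'open');
    """)
    run = lambda c: db.execute(*build_search(c)).fetchall()
    return (run({"item": "widget"}),
            run({"item": "widget", "status": "open"}),
            run({"name": "x' OR '1'='1"}))  # quote-laden value stays data

if __name__ == "__main__":
    print(demo())
```

The SQL text is assembled only from the fixed fragments, so the number of join combinations no longer translates into a number of stored queries, and no user-supplied string is ever concatenated into the statement.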





