[dba-SQLServer] Nulls in sprocs

Steven W. Erbach serbach at new.rr.com
Wed Jan 12 15:01:04 CST 2005 

David,

Thanks very much for the pointers. Yes, I can see where creating a temporary sproc could be a security problem. I'll try your other recommendations.

Steve Erbach
Neenah, WI

> ------------Original Message------------
> From: dmcafee at pacbell.net
> To: dba-sqlserver at databaseadvisors.com
> Date: Wed, Jan-12-2005 11:26 AM
> Subject: RE: [dba-SQLServer] Nulls in sprocs
> 
> Have you tried executing a similar example in QA (Query Analyzer)?
> 
> Something like:
> 
> EXEC spUpdPosition NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 
> SomeValidTestIDHere
> 
> QA, should return the appropriate error.
> 
> Have you also looked at the table design in EM or the column view in 
> the object browser of QA? They will both show you whether or not Nulls 
> are allowed for each field.
> 
> You can also have the sproc return an error to the FE.
> 
> Also, in your last post, you mentioned creating the sproc dynamically 
> in the FE and executing the SQL string. This is generally thought of as 
> a no-no (a security hole)
> 
> HTH
> David McAfee

More information about the dba-SQLServer mailing list