Jim Lawrence
accessd at shaw.ca
Thu Mar 20 23:30:44 CDT 2008
Besides the obvious ability for a site to be hacked that uses dynamic SQL, the performance hit can be dramatic as many non-compiled SQL chunks are having to be managed.

Jim

-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Arthur Fuller
Sent: Thursday, March 20, 2008 9:08 PM
To: Discussion concerning MS SQL Server
Subject: Re: [dba-SQLServer] Access limitations

Sprocs and Views and UDFs all the time. No dynamic SQL ever. Whenever I hear those words, I reach for my Glock :)

Admittedly, there are very rare occasions when dynamic SQL is the only way to go, but those occasions are extremely rare. More often than not, it's used because people either don't know how to program TSQL or because they haven't been shown how easy SQL injection is.

A.

On 3/20/08, Paul Nielsen <pauln at sqlserverbible.com> wrote:
>
> Hi Arthur,
>
> I agree ADP is great. But it's a front-end to SQL Server so you're really
> testing SQL Server (which regularly handles multi-terabyte databases and
> thousands of concurrent connections), not the Jet Engine. I'm wondering how
> far you can push the Jet engine.
>
> In your use of ADP, did you use a database abstraction layer in SQL Server
> (all procs all the time)? Or ad-hoc SQL?
>
> -Paul
>