Always use Binding Variables in SQL queries

reshi999

5.00/5 (1 vote)

Apr 27, 2011

CPOL

12781

Thanks for that. In MS SQL Server, I use the following technique to avoid full compile:DECLARE @sql VARCHAR(100)DECLARE @pk INTSET @pk = 2SET @sql = 'SELECT id, pcname FROM pod WHERE id = ' + CAST(@pk AS VARCHAR)EXEC (@sql)-- or -- EXEC sp_sqlexec @SQL

Thanks for that. In MS SQL Server, I use the following technique to avoid full compile:

DECLARE @sql VARCHAR(100)
DECLARE @pk INT

SET @pk = 2
SET @sql = 'SELECT id, pcname FROM pod WHERE id = ' + CAST(@pk AS VARCHAR)

EXEC (@sql)

-- or -- 

EXEC sp_sqlexec @SQL