Nannette Thacker ShiningStar.net

ASP.net Web Application Development

Nannette Thacker, consultant and owner of Shining Star Services LLC, specializes in development of custom dynamic database driven web applications utilizing ASP.net technologies. Nannette has been developing ASP sites since 1997. Nannette has written numerous articles on web development techniques and tutorials.

Nannette is the owner and developer of ChristianSinglesDating.com.

Filtering Parameters in a SQL 2008 Stored Procedure

Ash explains the concept of Filtering Parameters in a Stored Procedure in this blog post.

This method is safer and more beneficial than dynamically creating and passing a SQL query from the code layer and using sp_executesql, as it helps to avoid SQL injection attacks.

However, the author explains that there is a pitfall: you may sacrifice index optimization.
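
As an added illustration (not code from this post or from Ash's post), the T-SQL below shows a stored procedure with filtering parameters next to the concatenated query it replaces. It assumes "filtering parameters" means the optional-parameter pattern in which a NULL parameter switches its filter off; the table, index and procedure names are hypothetical.

```sql
-- Constructed sample schema (hypothetical names, for illustration only).
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL,
    City       NVARCHAR(50) NOT NULL
);
CREATE INDEX IX_Customers_LastName ON dbo.Customers (LastName);
GO

-- Filtering parameters: the statement text is fixed when the procedure
-- is created. A NULL parameter disables its filter; a non-NULL value is
-- only ever compared as data, so it cannot change the shape of the query.
CREATE PROCEDURE dbo.SearchCustomers
    @LastName NVARCHAR(50) = NULL,
    @City     NVARCHAR(50) = NULL
AS
BEGIN
    SET NOCOUNT ON;

    SELECT CustomerId, LastName, City
    FROM dbo.Customers
    WHERE (@LastName IS NULL OR LastName = @LastName)
      AND (@City     IS NULL OR City     = @City);
    -- Index pitfall: one cached plan has to serve every NULL/non-NULL
    -- combination, so the optimizer may scan the table instead of seeking
    -- on IX_Customers_LastName. Check the actual execution plan.
END
GO

-- Callers pass values, never SQL text.
EXEC dbo.SearchCustomers @LastName = N'Smith';
EXEC dbo.SearchCustomers @City = N'O''Fallon';   -- the quote stays data
GO

-- For contrast, the pattern being replaced: query text built by
-- concatenation, where the input becomes part of the statement itself.
DECLARE @input NVARCHAR(50) = N'Smith';           -- stands in for user input
DECLARE @sql   NVARCHAR(MAX) =
      N'SELECT CustomerId, LastName, City FROM dbo.Customers '
    + N'WHERE LastName = ''' + @input + N'''';    -- input is now code
EXEC sp_executesql @sql;
```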

Check it out!

May your dreams be in ASP.NET and your code free from SQL injections!

Nannette Thacker

 

Comments

Ben said:

Other than declared variable assignment, what does this approach have to do with MSSQL08?

# March 5, 2009 10:44 PM