Walter Meester
HoogkarspelPays-Bas
Information générale
Catégorie:
Base de données, Tables, Vues, Index et syntaxe SQL
Versions des environnements
Network:
Windows 2003 Server
>>Well basically I don't have the authority to upgrade the SQL servers...Those are the clients responsibility... BTW, if you want to create serverside cursors (SELECT * INTO #CURSOR FROM ...), you cannot even use parameters. I know the risk of SQL injection is serious and we use paramerters where applicable, but there are circumstances where we simply cannot use them and are doing what we can to prevent SQL injection.
>
>Sorry I don't understand what you mean by "(SELECT * INTO #CURSOR FROM ...), you cannot even use parameters". I can. I really don't know a case where I can't use parameters (and there are even ways to pass 2100 parameters limit by passing say a string or xml to be parsed - for example IN query implementation via string is efficient and fast), there might be.
>Cetin
By using parameters it is executing the sp_executeSQL stored procedure within its own transaction. Any temporary table created is released as soon as the transaction completes.
Précédent
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement