How to specify second DB in SSMS
Message
From
03/02/2022 15:32:49
 
General information
Forum:
Microsoft SQL Server
Category:
SQL syntax
Miscellaneous
Thread ID:
01683400
Message ID:
01683434
Views:
36
>When I use dynamic sql and have WHERE clause I prefer to use sp_executesql SP. That way you avoid SQL Injections:
>
>declare @cSecondDb as Varchar(100)
>DECLARE @sql nvarchar(200)
>declare @Category as Varchar(25);
>set @Category = '1009F'
>set @cSecondDb = 'SecondSQLDatabase'
>SET @sql = 'select * from '+@cSecondDb+'..mytable where Category = @Category'
>EXEC sp_executesql @sql, N'@Category varchar(25)', @Category = @Category
>
That's a very good point. I've always been wondering about SQL injections in T-SQL. I usually have this protected in the .NET code with parameterized syntax. But, in T-SQL, the sp_executesql would be better to use. Thanks
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
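The quoted reply is right that sp_executesql binds @Category as a parameter, so a value like '1009F'' OR 1=1--' can never change the statement. What sp_executesql cannot parameterize is an identifier: @cSecondDb is still spliced into the statement text, so if that database name ever comes from outside the procedure it remains an injection point. The following T-SQL is an added example, not code from the thread; it keeps the same database, table and category value as the quoted reply and closes that gap by checking the name against sys.databases and wrapping it with QUOTENAME before building the string.

```sql
-- Added example (not from the original post). Database, table and category
-- value are taken from the quoted reply; everything else is illustrative.
DECLARE @cSecondDb sysname      = N'SecondSQLDatabase';
DECLARE @Category  varchar(25)  = '1009F';
DECLARE @sql       nvarchar(max);

-- sp_executesql parameterizes values, not identifiers. @Category is bound
-- safely below, but @cSecondDb becomes part of the statement text, so it is
-- validated first: it must name a database that actually exists on the server.
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE name = @cSecondDb)
BEGIN
    RAISERROR(N'Unknown database name: %s', 16, 1, @cSecondDb);
    RETURN;
END;

-- QUOTENAME brackets the identifier and escapes any embedded ], so even a
-- name that passed the catalog check cannot terminate the identifier early.
SET @sql = N'SELECT * FROM ' + QUOTENAME(@cSecondDb)
         + N'..mytable WHERE Category = @Category;';

-- The WHERE value travels as a typed parameter, never as statement text.
EXEC sys.sp_executesql @sql,
                       N'@Category varchar(25)',
                       @Category = @Category;
```

The catalog check is the important half: QUOTENAME alone only stops the identifier from being broken out of, while the sys.databases lookup stops a caller from pointing the query at a database they were never meant to read. For a fixed set of permitted databases, comparing against a small lookup table is an equally good allowlist.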