I changed the view in my SP dynamically it helped. Thanks.Alexander Korol wrote:
> I changed the view in my SP dynamically it helped. Thanks.
Huh?
What view?
Oh! Are you saying you used dynamic sql?
Hopefully you are aware of and have taken precautions against sql injection
...
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.|||Hello Bob,
I do not change or create databases dynamically I simply do not know
beforehand how many there is going to be databases, where they reside and ho
w
they are called. This is say maintanance stored procedure in a reporting
database (the one that collects data from many other databases) and YES I
care about SQL injection.
Thanks for your participation. Looks like you hate dynamically built sql. So
do I - but I am not the architect - just solving particular task :)
Moreover if you could advise any better architecture I will greately
appreciate. I have several production databases of similar structure and one
reporting database where data ready to be reported is kept. Data
preprocessing is so heavy that I can not query data directly from production
databases. So in reporting database SPs are to be run daily against differen
t
production databases and their number depends on a customer. That is why
neither IFs can be used neither fixed queried VIEWs. Customer wants to do as
less actions as possible.
Actually to avoid SQL injection i check that database name is a single word.
Could you advise any other solution?
Thanks again for your help.
"Bob Barrows [MVP]" wrote:
> Alexander Korol wrote:
> Huh?
> What view?
> Oh! Are you saying you used dynamic sql?
> Hopefully you are aware of and have taken precautions against sql injectio
n
> ...
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment