Redmond Magazine

T-SQL Smarts -- Preventing Injection Attacks

Working with dynamic SQL is all well and good, but avoid the risks that can lead to your code being susceptible to a SQL injection attack. As much as making your T-SQL work smarter for you, a la ...
Redmond Magazine

T-SQL Smarts: Executing Sp_executesql

In this third in a series on working smarter with T-SQL, let's give the built-in sp_executesql stored proc a go. In my previous posts, I've described some methods for generating and executing T-SQL ...
Ars Technica

MSSQL: sp_executesql - Need to see the TSQL it generates to execute...

I have a weird issue (well weird to me).<BR><BR>I'm using SSSRS and I'm using multivalued parms so people can select multiple values to pass for a single parameter. (i.e. EntryTypeId and they get a ...
Visual Studio Magazine

10 More New T-SQL Functions

Building on the DATETIMEFROMPARTS, DATETIME2FROMPARTS offers similar functionality, but yields more precise DateTime2 data type, containing fractions of a second to a specified precision. Naturally, ...
Ars Technica

SQL Server 2005 TSQL syntax for getting dta out of an update or insert

this will return: "(1 row(s) affected)" But now I need to know, what data was actually inserted? SQL Server has answered this question in 2005 with the OUTPUT statement: This will return a dataset ...
InfoWorld

What is SQL? The lingua franca of data analysis

SQL is neither the fastest nor the most elegant way to talk to databases, but it is the best way we have. Here’s why Today, Structured Query Language is the standard means of manipulating and querying ...
Computerwoche Online

Programming options pose dilemma for SQL server users

T-SQL will remain the better choice in those scenarios because it’s optimized for testing, retrieving and changing large sets of data, Brust said. Microsoft said that in SQL Server 2005, it has ...