Question
Can you please guide me on why dynamic SQL is suggested to be avoided? Is there any way that I can keep on using dynamic SQL and avoid its bad things?
Answer 1:
http://www.sommarskog.se/dynamic_sql.html
If you don't understand everything in this, come back and ask a question, but under no circumstances should you use dynamic SQL until you understand this article.
Answer 2:
The main problem is SQL injection. People can enter data that can change the intent of your SQL.
One of the best solutions is to use sp_executesql. http://msdn.microsoft.com/en-us/library/ms188001.aspx
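The difference between concatenating a value and passing it through sp_executesql, as an added T-SQL example that is not part of either answer. The #Customers table, its rows, and the @City and @SortCol values are constructed for illustration.

```sql
-- Constructed demo table and data (not from the original post).
CREATE TABLE #Customers (Id int PRIMARY KEY, Name nvarchar(50), City nvarchar(50));
INSERT INTO #Customers VALUES (1, N'Alice', N'Oslo'), (2, N'Bob', N'Lima'), (3, N'Carol', N'Oslo');

DECLARE @City    nvarchar(50) = N'x'' OR 1=1 --';  -- constructed hostile input
DECLARE @SortCol sysname      = N'Name';           -- caller-chosen sort column
DECLARE @sql     nvarchar(max);

-- Weak: the value is concatenated into the statement text, so the quote in
-- @City ends the literal and the rest is parsed as SQL. Returns all 3 rows.
SET @sql = N'SELECT Id, Name, City FROM #Customers WHERE City = N''' + @City + N'''';
EXEC (@sql);

-- Hardened: the value travels as a typed parameter and is never parsed as SQL.
-- Identifiers cannot be parameters, so the sort column is checked against an
-- allow-list and wrapped with QUOTENAME before it is concatenated.
IF @SortCol NOT IN (N'Id', N'Name', N'City')
    THROW 50000, N'Unsupported sort column', 1;

SET @sql = N'SELECT Id, Name, City FROM #Customers WHERE City = @City ORDER BY '
         + QUOTENAME(@SortCol);
EXEC sys.sp_executesql
     @sql,
     N'@City nvarchar(50)',   -- parameter definition list
     @City = @City;           -- same hostile input now matches 0 rows

DROP TABLE #Customers;
```

Because the statement text in the hardened form is the same for every @City value, SQL Server can also reuse its cached plan.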
Source: https://stackoverflow.com/questions/6358187/why-to-avoid-dynamic-sql-queries-any-suggestion-to-remove-there-bad-part-and-t