发表新帖
发表新帖

What is dynamic SQL?

后端 未结
关注
9 2287
暗喜
暗喜 2020-12-05 02:28

I just asked an SQL related question, and the first answer was: \"This is a situation where dynamic SQL is the way to go.\"

As I had never heard of

9条回答
  • 北荒
    北荒 (楼主)
    2020-12-05 02:40

    Dynamic SQL is simply a SQL statement that is composed on the fly before being executed. For example, the following C# (using a parameterized query):

    var command = new SqlCommand("select * from myTable where id = @someId");
command.Parameters.Add(new SqlParameter("@someId", idValue));

    Could be re-written using dynamic sql as:

    var command = new SqlCommand("select * from myTable where id = " + idValue);

    Keep in mind, though, that Dynamic SQL is dangerous since it readily allows for SQL Injection attacks.

    0 讨论(0)
 看不清?
提交回复
热议问题