What is dynamic SQL?

Question

I just asked an SQL related question, and the first answer was: \"This is a situation where dynamic SQL is the way to go.\"

As I had never heard of

Answer 1

It is exactly what Rowland mentioned. To elaborate on that a bit, take the following SQL:

Select * from table1 where id = 1

I am not sure which language you are using to connect to the database, but if I were to use C#, an example of a dynamic SQL query would be something like this:

string sqlCmd = "Select * from table1 where id = " + userid;

You want to avoid using dynamic SQL, because it becomes a bit cumbersome to keep integrity of the code if the query get too big. Also, very important, dynamic SQL is susceptible to SQL injection attacks.

A better way of writing the above statement would be to use parameters, if you are using SQL Server.