Proper way to handle 'optional' where clause filters in SQL?

Question

Let\'s say you have a stored procedure, and it takes an optional parameter. You want to use this optional parameter in the SQL query. Typically this is how I\'ve seen it don

Answer 1

If we convert the SQL to a string, then call sp_ExecuteSQL on it, the reads are almost nil...

1. Because your query is no longer evaluating an OR, which as you can see kills sargability
2. The query plan is cached when using sp_executesql; SQL Server doesn't have to do a hard parse...

Excellent resource: The Curse & Blessing of Dynamic SQL

As long as you are using parameterized queries, you should safe from SQL Injection attacks.