Our discussions of security have alluded to the fact that dynamic SQL does not run in the same scope as the remainder of TSQL in the same stored procedure. In addition to breaking the ownership chain, variables declared locally and globally will not have easy access to each other. When writing application code or stored procedures, passing variables into and out requires a bit of planning, ensuring that the inputs and outputs are correct. Working with dynamic SQL is very similar, and luckily we have a variety of ways in which to manage variables effectively without any level of inconvenience.
Get Dynamic SQL: Applications, Performance, and Security in Microsoft SQL Server now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
