Re: How to pass column name to a stored proc as a parameter
From: Adi (adico_at_clalit.org.il)
Date: 10/05/04
- Next message: Mike Labosh: "Re: How to pass column name to a stored proc as a parameter"
- Previous message: Subhash Agarwal: "SQL Question"
- In reply to: David Gugick: "Re: How to pass column name to a stored proc as a parameter"
- Next in thread: Mike Labosh: "Re: How to pass column name to a stored proc as a parameter"
- Messages sorted by: [ date ] [ thread ]
Date: 5 Oct 2004 12:08:33 -0700
You can use Dynamic SQL in order to do that, but make sure that you
understand the security problems that this might cause you. The
ownership chain will get broken and you'll have to grant permissions on
the base table. Beside that make sure that you validate the user's
input. If you won't validate it, then SQL Injection might be used
against your database through your application.
Adi
- Next message: Mike Labosh: "Re: How to pass column name to a stored proc as a parameter"
- Previous message: Subhash Agarwal: "SQL Question"
- In reply to: David Gugick: "Re: How to pass column name to a stored proc as a parameter"
- Next in thread: Mike Labosh: "Re: How to pass column name to a stored proc as a parameter"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
