<div>
I don't think it really matters from a performance point of view. Neither is compiled or checked for errors until execution. From a security point of view neither should be used without validating the input against SQL injection. <br />
<br />
-MJC
</div>


I don't think it really matters from a performance point of view. Neither is compiled or checked for errors until execution. From a security point of view neither should be used without validating the input against SQL injection.

-MJC

<div>
&gt;&gt;From a security point of view neither should be used without validating the input against SQL injection. <br />
<br />
do you have an example?
</div>


>>From a security point of view neither should be used without validating the input against SQL injection.

do you have an example?

<div>
<div class="content wysiwyg-content">
I have a co-worker who says dynamic sql shouldn't be used in stored procs because it defeats the purpose of using SQL. He says it doesnt make sense. He says the dynamic sql should be build in code (C#/ASP.Net in this case) and just run it in the code...<br />
<br />
<br />
I dont see an issue with using dynamic sqls in stored procs. Any pros/cons?
</div>
</div>


I have a co-worker who says dynamic sql shouldn't be used in stored procs because it defeats the purpose of using SQL. He says it doesnt make sense. He says the dynamic sql should be build in code (C#/ASP.Net in this case) and just run it in the code...


I dont see an issue with using dynamic sqls in stored procs. Any pros/cons?

Anything wrong with dynamic SQL in stored proc?

Microsoft SQL Server 2005 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. It includes support for managing XML data and allows a database server to be exposed over web services using Tabular Data Stream (TDS) packets encapsulated within SOAP (protocol) requests.