Question: -- Dynamic SQL stored procedure - Dynamic SQL IN list clause --***** CW3.1 PROB 5 ***** /* WARNING - This following stored proc is vulnerable

-- Dynamic SQL stored procedure - Dynamic SQL IN list clause

--*****CW3.1 PROB 5*****

/* WARNING - This following stored proc is vulnerable to SQL Injection Attack */

-- JOIN would be a preferred solution

CREATE PROCEDURE CustomerListByState @States VARCHAR(128)

AS

BEGIN

DECLARE @SQL NVARCHAR(1024)

SET @SQL = 'select CustomerID, CompanyName, ContactName, Phone,

Region from Customers where Region

IN (' + @States + ')' + ' order by Region'

PRINT @SQL -- For testing and debugging /* The following query is executed as dynamic SQL select CustomerID, CompanyName, ContactName, Phone, Region from Customers where Region IN ('WA', 'OR', 'ID', 'CA') order by Region

*/ -- Dynamic SQL execution

EXEC Sp_executesql @SQL

END

GO

-- Execute dynamic SQL stored procedure

DECLARE @States VARCHAR(100)

SET @States = '''WA'', ''OR'', ''ID'', ''CA'''

EXEC CustomerListByState @States

GO

  1. What kind of dynamic SQL it is? (such as passing input / output parameters or concatenating the user inputs, etc.)
  2. Explain the problem?
  3. Is this dynamic sql efficient or not? Why?

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

----- --***** CW --***** CW3.1 PROB 8 ***** -- SQL Server dynamic sql stored procedure -- parametrized SQL statement -- Dynamic SQL is not allowed in function (UDF - User Defined Function) -----...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

Let A, B be sets. Define: (a) the Cartesian product (A B) (b) the set of relations R between A and B (c) the identity relation A on the set A [3 marks] Suppose S, T are relations between A and B, and...

Q:

CREATE PROCEDURE CustomerListByState @States VARCHAR(128) AS BEGIN DECLARE @SQL NVARCHAR(1024) SET @SQL = 'select CustomerID, CompanyName, ContactName, Phone, Region from Customers where Region IN ('...

Q:

CREATE PROC uspProductSearch @ProductName VARCHAR(32) = NULL AS BEGIN DECLARE @SQL NVARCHAR(MAX) SELECT @SQL = ' SELECT ProductID, ProductName=Name, Color, ListPrice ' + CHAR(10)+ ' FROM...

Q:

Given raw data set ( . csv ) contains 1 0 columns and 1 0 0 0 0 raws Rows are random data about accidents in NY from 2 0 1 4 - 2 0 2 4 yy Columns are : 'CRASH DATE', 'CRASH TIME', 'BOROUGH', 'ZIP...

Q:

How to work with views 1 . Locate a raw data source of buss stations or generate random data of buss stations. | 2 . Your data set should contain raw data of some sort - perhaps with \ ( 1 0 + \ )...

Q:

How to work with views 1 ) Locate a raw data source of special interest to you. ( Suggestion - use Kaggle.com ) 2 ) Your data set should contain raw data of some sort - perhaps with 1 0 + columns and...

Q:

Assignment 3 : Testing Advanced MS SQL Stored Procedure Creation ( 7 . 5 % ) Individual Assignment Objective: This advanced lab assignment aims to test your skills in creating and working with...

Q:

Question 3. The attached text file XYX_LTD is an executable SQL script containing workers informations at XYZ company ltd. Execute the script on my SQL workbench and use it to answer the following...

Q:

One division of the Marvin educational enterprises has depreciable assets costing $5,500,000. The cash flows from these assets for the past three years have been the current (i.e, replacement) costs...

Q:

The factorial n! of a positive number (integer) is defined by n! = n(n-1)(n-2). .. 321, where 0! = 1. Write a user-defined function that calculates the factorial n! of a number. For function name and...

Q:

3 Work out each addition. Some working has been shown to help you. =+ = a 1 1 1x5+1x2 5+2 = b 111x7+1x3 +-= + 25 2x5 10 10 37 2 1 2x4+1x3 + 1 3 1x5+3x6 3x7 21 21 + 3 = d 3 4 3x4 12 12 -+-= 65 6x5

Q:

3. For the following chemical reaction, calculate the standard heat of reaction in two ways using data from Table B.1: (i) from standard heats of formation and (ii) from standard heats of combustion....

Q:

7. last word How can patents speed up the process of creative destruction? How can patents slow down the process of creative destruction? How do differences in manufacturing costs affect which...

Q:

LO11.5 Discuss creative destruction and the profit incentives for innovation.

Q:

6. That segment of a competitive firms marginal-cost curve that lies above its average-variable-cost curve constitutes the shortrun supply curve for the firm. Explain using a graph and words. LO10.5