How To Parameterize SQL Table Names

preview_player
Показать описание
Do you know how to safely pass in a table name or column name parameter value into your dynamic SQL query?

sp_executesql won't allow you to parameterize SQL object names. You have to revert back to building dynamic SQL and appending those parameter values to your SQL string.

In this video we examine how to do so safely without opening yourself up to SQL injection attacks.

Links below.

Blog post with example queries:

Follow me on Twitter:

  1. Bert Wagner
  2. SQL Server
  3. SQL
  4. SQL training
  5. SQL tutorial
  6. sql injection
Рекомендации по теме
How To Parameterize 0:02:48

How To Parameterize SQL Table Names

Table Valued Parameters 0:18:31

Table Valued Parameters in Stored Procedures | SQL | SQL Training Sessions

SQL Views In 0:04:23

SQL Views In 4 Minutes: Super Useful! Wow! Crazy! Amazing! I'm Crying Tears Of SQL Joy.

Advanced SQL Tutorial 0:06:15

Advanced SQL Tutorial | Stored Procedures + Use Cases

Power Bi : 0:07:31

Power Bi : Huge Update!! Dynamic Parameters for Transact SQL

Tableau Custom SQL 0:06:12

Tableau Custom SQL with Parameters | Parameterized SQL Query in Tableau | Custom Query in Tableau

Querying SQL Server 0:09:27

Querying SQL Server Data in Excel with a Parameter

C# : Is 0:01:35

C# : Is it possible to parameterize table and column names in SQLite queries?

Dynamic sql table 0:11:59

Dynamic sql table name variable

ms sql server 0:00:40

ms sql server 2012 how to create parameterized query demo

SQL Stored procedures 0:12:09

SQL Stored procedures with output parameters

Making data source 0:03:28

Making data source parameters easy in Power BI Desktop

Parameterized Query 0:03:14

Parameterized Query

Inline table valued 0:11:25

Inline table valued functions in sql server Part 31

SQL Developer : 0:02:36

SQL Developer : Stored Procedure with Input and Output Parameters

A Performance Mystery 0:12:28

A Performance Mystery With Parameterized TOP In SQL Server

SQL Server Performance 4:03:27

SQL Server Performance Essentials – Full Course

6 Query Tuning 1:37:51

6 Query Tuning Techniques - Solve 75% SQL Server Performance Problems (by Amit Bansal)

PL/SQL tutorial 34: 0:05:28

PL/SQL tutorial 34: Table Based Record datatype in Oracle Database Part 2

How To Use 0:03:41

How To Use SQL Temp Tables In Tableau

SQL : Why 0:01:18

SQL : Why is using a parameterized query to insert data into a table faster than appending the value

Call Stored Procedure 0:05:16

Call Stored Procedure with multiple parameters from Excel

PL/SQL tutorial 3: 0:05:22

PL/SQL tutorial 3: SELECT INTO statement in PL/SQL by Manish Sharma RebellionRider

Part8 SQL Parameterized 0:03:22

Part8 SQL Parameterized Stored Procedure | MS SQL Server for beginners | MS SQL Server Tutorials

Комментарии
Автор

The way this has to be done feels like all the things database classes tell you not to do :(

DaniLearnsIT