July 2025 Discount: Comprehensive Database Performance Health Check | Testimonials

Home

SQL SERVER – One Trick of Handling Dynamic SQL to Avoid SQL Injection Attack?

Pinal Dave
SQL Tips and Tricks
MySQL, SQL Scripts, SQL Server, SQL Server Security

SQL Server has so many things to learn and I always find it amazing. My conversations with customers often come up with security questions esp around SQL Injection. Many have claimed SQL Injection is a SQL Server problem. It takes quite some time for me to let them know there is nothing about SQL Server and SQL Injection. SQL Injection is an outcome of wrong coding practices. One of the recommendations I give is about not using Dynamic SQL. There might be some situations where you can’t avoid it. My only advice would be, avoid if possible. In this blog, I would demonstrate a SQL Injection problem due to dynamic SQL and a possible solution you can have.

Read More

SQL SERVER – Invoking a Stored Procedure from Azure Mobile Services – Notes from the Field #066

Pinal Dave
SQL Tips and Tricks
Notes from the Field, SQL Server, SQL Server Security

[Note from Pinal]: This is a 66th episode of Notes from the Field series. Azure Mobile Services is a very critical aspect and not many people know about it. When I read this article, I find it humorous at points and some of the examples also reminded me of my past experience. If you are in data security, you will have a great time reading these notes, but if you are not, you will still love it.

Read More

SQL SERVER – The DBA goes to MARS – Maintenance, Architecture, Research and Support – Notes from the Field #063

Pinal Dave
SQL, SQL Server, SQL Tips and Tricks
Notes from the Field, SQL Server Security
[Note from Pinal]: This is a 63rdth episode of Notes from the Field series. Storytelling is an art very few have mastered in their life. When I requested Stuart to share his ideas about his famous blog about MARS, I really had not expected the response which I have received in…
Read More