Dynamic SQL: Applications, Performance, and Security

This book is an introduction and deep-dive into the many uses of dynamic SQL in Microsoft SQL Server. Dynamic SQL is key to large-scale searching based upon user-entered criteria. It’s also useful in generating value-lists, in dynamic pivoting of data for business intelligence reporting, and for customizing database objects and querying their structure.

Executing dynamic SQL is at the heart of applications such as business intelligence dashboards that need to be fluid and respond instantly to changing user needs as those users explore their data and view the results. Yet dynamic SQL is feared by many due to concerns over SQL injection attacks. Reading Dynamic SQL: Applications, Performance, and Security is your opportunity to learn and master an often misunderstood feature, including security and SQL injection.

All aspects of security relevant to dynamic SQL are discussed in this book. You will learn many ways to save time and develop code more efficiently, and you will practice directly with security scenarios that threaten companies around the world every day. Dynamic SQL: Applications, Performance, and Security helps you bring the productivity and user-satisfaction of flexible and responsive applications to your organization safely and securely. Your organization’s increased ability to respond to rapidly changing business scenarios will build competitive advantage in an increasingly crowded and competitive global marketplace.

• Discusses many applications of dynamic SQL, both simple and complex.
• Explains each example with demos that can be run at home and on your laptop.
• Helps you to identify when dynamic SQL can offer superior performance.
• Pays attention to security and best practices to ensure safety of your data.

What You Will Learn

• Build flexible applications that respond fast to changing business needs.
• Take advantage of unconventional but productive uses of dynamic SQL.
• Protect your data from attack through best-practices in your implementations.
• Know about SQL Injection and be confident in your defenses against it
• Run at high performance by optimizing dynamic SQL in your applications.
• Troubleshoot and debug dynamic SQL to ensure correct results.

Who This Book is For

Dynamic SQL: Applications, Performance, and Security is for developers and database administrators looking to hone and build their T-SQL coding skills. The book is ideal for advanced users wanting to plumb the depths of application flexibility and troubleshoot performance issues involving dynamic SQL. The book is also ideal for beginners wanting to learn what dynamic SQL is about and how it can help them deliver competitive advantage to their organizations.

About the Author

Edward Pollack is a database administrator with over 15 years of professional experience in database design, optimization, server hardware, and public speaking. He has spoken at dozens of SQL Saturday events, as well as at 24 Hours of PASS and the PASS Summit. His passion for sharing knowledge also leads him to create and coordinate a SQL Saturday in New York’s Capital Region, where he has lived for the past 19 years. His long experience computing has lead Edward through many different fields of study, but data storage, security, and optimization has been the one area that has always been of most interest; it will continue to be so for as long as people continue to care about their data.