RE: Passing a querystring to a stored procedure?
- keep sql-injection in mind ! Check http://qa.sqlservercentral.com/columnists/chedgate/sqlinjection.asp- just define your variables as sp-parameters and handle your statement in your sp. You will soon discover it's best to work with known predicates.- check http://www.sommarskog.se/dynamic_sql.html and http://www.sommarskog.se/dyn-search.html
2004-03-03