News

In cases where some SQL code is a necessary part of user input, it’s essential to create a whitelist of valid SQL statements. Only create a list of the most essential statements to avoid ...
Dynamic SQL lets you create a query string based on user input. SQL Server allows you to create dynamic SQL statements. The statements use a SQL string varchar data type, then you execute the ...
While checking SQL syntax itself is somewhat straightforward, [Joe]’s sql-lint tool will also check the semantics of it by looking up the actual database and performing sanity checks on it.
Oracle9i offers some great tools to make it easy to view the execution plan and trace information for a SQL statement. Prior to Oracle8i, you had to create a plan table and execute special syntax ...