Dynamic Search Queries and How to Protect Them

Target Audience:

Application DBA, SQL, T-SQL Programming, Stored Procedures


What is the solution for implementing truly dynamic search queries? Not just a stored procedure with optional parameters, but something even more dynamic than that? Let the end-user choose the exact fields and, more importantly, the operator types to use on them, in order to get the results that they need. And how do you achieve this level of dynamic interactivity without risking SQL injection? This presentation will answer these questions and give you the solution.

Why I Want to Present This Session:

This solution was inspired by a real-world use case that I encountered a few years back, and still find myself encountering every once in a while to this day. Especially with the data era slamming down hard upon us, it becomes imperative to be able to provide the exact search results that the user wants. This use case, therefore, is relevant to the SQL community today more than ever.

Eitan Blumin is a SQL Server Database Expert with more than 13 years of experience in all fields relating to Microsoft SQL Server databases (since the year 2005), including but not limited to: Database design, management, TSQL programming, performance tuning, replication, backup management, security management, high availability and disaster recovery, SSIS, SSRS, encryption and more. Eitan has a deep understanding of SQL Server fundamentals and architecture and is able to craft creative solutions for virtually any problem. Eitan Blumin also has 10 years of experience in Classic ASP, HTML and CSS web development (2000-2010), and some experience in a wide variety of development environments such as PHP, C, C++, C#, VB, Java, Perl, Assembler, Powershell and more. Eitan Blumin is currently working as a senior SQL Server Consultant and Managed Services Team Leader at Madeira Data Solutions. Other than his day-to-day consultant work, he also writes professional materials for the SQL Server community, delivers professional presentations and courses, and serves as a pivotal source of expert knowledge for the Madeira team.
