Building High Performance Stored Procedures

[NOTE: Update 12 Nov 2014. The most recent bug (KB article KB2965069) is THANKFULLY very unlikely for most environments (mentioned below). As a result, I’m glad to say that we can use OPTION (RECOMPILE) as a much easier (and safer) solution. So, while I’ll still leave solution 3 as an option if you run into troubles with […]

Little Bobby Tables, SQL Injection and EXECUTE AS

OK, I know many of you have seen this before (an oldie, but a goodie!): (image used under a “copy and share” license). But, what can you do to prevent this? And, when would this even be possible? This is possible when DSE (dynamic string execution) occurs. There are still some VERY relevant […]

“EXECUTE AS” and an important update your DDL Triggers (for auditing or prevention)

DDL Triggers were a new feature of SQL Server 2005 and while seemingly simple, they are very powerful. DDL Triggers allow you to trap an attempted DDL operation to audit it, prevent it, or do anything you want to validate/verify/“authorize”/etc – you write the code. And, since a trigger fires as part of the transaction, […]