Mi

To prevent sql injection on dynamic sql queries we must use parametrized sql queries. You can generate stored procedure from tables using this tool CodeGenerator  from https://github.com/mijaved/CodeGenerator The following example illustrates optional parametrized sql statement with user supplied sorting and paging parameters: DECLARE @Mode INT = 2, @UserId INT = 0, @LoginId VARCHAR(50)='', @FirstName VARCHAR(50) ='', @LastName VARCHAR(50)='', @Password VARCHAR(32)='', @LastLoginDateFrom VARCHAR(32)='2012-09-19', @LastLoginDateTo VARCHAR(32)='2012-09-20', @SortBy VARCHAR(32)='UserId', @SortOrder VARCHAR(32)='DESC', @StartIndex INT = 1, @MaxIndex INT = 100; IF @Mode = 1 --Without Paging BEGIN SELECT UserId,FirstName,LastName,LoginId,LastLoginDate FROM SEC_TblUsers WHERE 1=1 AND (UserId = @UserId OR @UserId IS NULL OR @UserId <= 0) AND (LoginId = @LoginId OR @LoginId IS NU...

-- Purpose: To Drop Trigger if Exists --==========================   SELECT ' IF EXISTS (SELECT * FROM sys.triggers WHERE object_id = OBJECT_ID(N''' + name + ''')) '      + ' DROP TRIGGER ' + name + ';' FROM dbo.sysobjects WHERE TYPE = 'TR' --Purpose: To Drop Triggers name starts with  I_ or U_ or D_ if Exists -----------------------------------------------------------------------------------   SELECT ' IF EXISTS (SELECT * FROM sys.triggers WHERE object_id = OBJECT_ID(N''' + name + ''')) '      + ' DROP TRIGGER ' + name + ';' FROM dbo.sysobjects WHERE TYPE = 'TR' AND ( name LIKE 'I_%' OR name LIKE 'U_%' OR name LIKE 'D_%') --To Reseed Table's Identity Column --==========================   DBCC CHECKIDENT (PPP_tblHeadGroup, reseed, 1)    DBCC CHECKIDENT (PPP_tblHeadGroup, reseed)   -- Purpose: Data Cleansing Script Ge...