Code Analysis

BP013


EXECUTE('SQL script') is used

EXECUTE('SQL script') is being used to execute a SQL batch in a string.

Avoid using EXEC to run dynamic SQL. It is there for backward compatibility only and is a common vector for SQL injection. Use sp_executesql instead, because it allows parameter substitution for both inputs and outputs, and because the execution plan that sp_executesql produces is more likely to be reused.
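The difference in practice, as an added T-SQL example that is not part of the original rule text: the flagged EXECUTE('...') form next to the sp_executesql form with one input and one output parameter. The temporary table #Customers, its columns and the sample rows are constructed for illustration.

```sql
-- Constructed sample data; #Customers and its columns are hypothetical.
CREATE TABLE #Customers (CustomerID int PRIMARY KEY, LastName nvarchar(50) NOT NULL);
INSERT INTO #Customers (CustomerID, LastName)
VALUES (1, N'Smith'), (2, N'O''Brien');

DECLARE @LastName nvarchar(50) = N'O''Brien';  -- stands in for a caller-supplied value
DECLARE @sql nvarchar(max);

-- Flagged by BP013: the value is concatenated into the batch text, so the
-- server parses it as SQL. The apostrophe in this ordinary surname ends the
-- string literal early and the batch fails to compile.
SET @sql = N'SELECT CustomerID, LastName FROM #Customers WHERE LastName = '''
         + @LastName + N''';';
BEGIN TRY
    EXECUTE (@sql);
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ConcatenationError;
END CATCH;

-- Preferred: the statement text is constant and the value is bound as a typed
-- parameter, so it is only ever treated as data. An OUTPUT parameter carries
-- a result back to the caller.
DECLARE @Matches int;
SET @sql = N'SELECT CustomerID, LastName FROM #Customers WHERE LastName = @LastName;
             SET @Matches = @@ROWCOUNT;';
EXECUTE sys.sp_executesql
    @sql,
    N'@LastName nvarchar(50), @Matches int OUTPUT',
    @LastName = @LastName,
    @Matches  = @Matches OUTPUT;

SELECT @Matches AS MatchingRows;

DROP TABLE #Customers;
```

Because the parameterized statement text is identical for every @LastName value, the server can match it to an existing cached plan instead of compiling a new one for each distinct string.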

Available in

SQL Code Guard

SQL Prompt


