on 06-15-2016 6:25 AM
Hi experts,
I just started using HANA SQL but have been doing SQL for quite a while now.
I know that in SQL, using Dynamic SQL is bad as it imposes security risks such as SQL injection.
Does the same thing apply to HANA SQL? Like, if you were to create a variable that holds an SQL that creates a table then execute it.
Or is there a similar thing like in SQL, you have to use Parameterized SQL Queries?
Thanks,
Raye
Hello Raye,
If you meant HANA SQLScript then yes, using dynamic SQL constructions such as EXEC on your procedure should be avoided for the reasons you mentioned. See
SQLScript Security Considerations - SAP HANA SQLScript Reference - SAP Library
BRs,
Lucas de Oliveira
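Added example, not part of the original thread and not SAP's own code: a SQLScript sketch of the concatenated dynamic statement beside its safer forms, including the "create a table from a variable" case the question raises. The table, column and procedure names are hypothetical, and the bound variant assumes a HANA release whose EXECUTE IMMEDIATE supports the USING clause.

```sql
-- Added example; app_users, the column names and all procedure names are hypothetical.

-- Risky: caller input is concatenated into the statement text, so the value
-- of p_name becomes part of the SQL that is parsed (same risk with EXEC).
CREATE PROCEDURE find_user_unsafe (IN p_name NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER AS
BEGIN
  EXECUTE IMMEDIATE
    'SELECT id, name FROM app_users WHERE name = ''' || :p_name || '''';
END;

-- Preferred: no dynamic SQL at all. :p_name is only ever treated as a value.
CREATE PROCEDURE find_user_static (IN p_name NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER READS SQL DATA AS
BEGIN
  SELECT id, name FROM app_users WHERE name = :p_name;
END;

-- If the statement has to be dynamic, bind values with USING instead of
-- concatenating them (assumes USING is supported on this release).
CREATE PROCEDURE find_user_bound (IN p_name NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER AS
BEGIN
  EXECUTE IMMEDIATE
    'SELECT id, name FROM app_users WHERE name = ?' USING :p_name;
END;

-- Identifiers such as a table name cannot be bound as parameters:
-- validate the input first, then escape it and wrap it in double quotes.
CREATE PROCEDURE create_staging_table (IN p_table NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER AS
BEGIN
  -- Returns 1 only when the input is a single safe token.
  IF IS_SQL_INJECTION_SAFE(:p_table) <> 1 THEN
    SIGNAL SQL_ERROR_CODE 10001 SET MESSAGE_TEXT = 'Invalid table name';
  END IF;
  EXEC 'CREATE COLUMN TABLE "' || ESCAPE_DOUBLE_QUOTES(:p_table)
       || '" (id INTEGER, name NVARCHAR(100))';
END;
```

SQL SECURITY INVOKER keeps each procedure running with the caller's privileges, so a mistake in a dynamic statement cannot act with the definer's rights.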