Dynamic HANA SQL Script? Is it bad?

Former Member
0 Kudos

Hi experts,

I just started using HANA SQL but have been doing SQL for quite a while now.

I know that in SQL, using Dynamic SQL is bad as it imposes security risks such as SQL injection.

Does the same thing apply to HANA SQL? Like, if you were to create a variable that holds an SQL that creates a table then execute it.

Or is there a similar thing like in SQL, you have to use Parameterized SQL Queries?

Thanks,

Raye

Accepted Solutions (0)

Answers (1)

lucas_oliveira
Advisor
0 Kudos

Hello Raye,

If you meant HANA SQLScript then yes, using dynamic SQL constructions such as EXEC on your procedure should be avoided for the reasons you mentioned. See

SQLScript Security Considerations - SAP HANA SQLScript Reference - SAP Library

BRs,

Lucas de Oliveira
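
The contrast discussed in this thread, as an added example that is not part of the original posts or of SAP's documentation: a SQLScript procedure that builds its statement by concatenation, next to a version that validates the identifier and binds the value. The procedure names, table layout and error code 10001 are hypothetical, and the USING clause assumes a HANA release whose EXEC / EXECUTE IMMEDIATE supports it.

```sql
-- Added example; all object names are hypothetical.

-- Risky: the table name and the value are both concatenated into the
-- statement text, so either input can change what the statement does.
CREATE PROCEDURE log_note_unsafe (IN tab NVARCHAR(128), IN note NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER AS
BEGIN
    EXEC 'INSERT INTO ' || :tab || ' (NOTE) VALUES (''' || :note || ''')';
END;

-- Hardened: the identifier is validated and quoted, the value is bound.
CREATE PROCEDURE log_note_safe (IN tab NVARCHAR(128), IN note NVARCHAR(100))
LANGUAGE SQLSCRIPT SQL SECURITY INVOKER AS
BEGIN
    -- User-defined error codes live in the 10000-19999 range.
    DECLARE bad_identifier CONDITION FOR SQL_ERROR_CODE 10001;

    -- Accept the name only if it parses as a single token.
    IF IS_SQL_INJECTION_SAFE(:tab, 1) <> 1 THEN
        SIGNAL bad_identifier SET MESSAGE_TEXT = 'Rejected table name';
    END IF;

    -- Identifiers cannot be bound, so quote and escape them (the quoted
    -- name is case-sensitive). The data value travels through USING and
    -- is never parsed as SQL text.
    EXECUTE IMMEDIATE
        'INSERT INTO "' || ESCAPE_DOUBLE_QUOTES(:tab) || '" (NOTE) VALUES (?)'
        USING :note;
END;
```

Where the set of target tables is known in advance, a static statement per table removes the need for dynamic SQL altogether.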