The Double-Edged Sword of Dynamic SQL EXECUTE Anti Pattern, SQL Injection
This video isn't just about technical details. Discover how to master the art of communicating your technical skills through this AI-created conversation.
Are you confident your SQL Server dynamic SQL is both secure AND performant? Many developers unknowingly use an anti-pattern with EXECUTE and string variables that puts their databases at risk of SQL Injection and silently causes plan cache bloat.
I break down these threats and provide the proven solution: parameterized dynamic SQL with sp_executesql. Plus, learn how Microsoft Defender for SQL can help you detect active attacks. Upgrade your SQL game!
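The anti-pattern, its parameterized replacement and the DMV check the chapters below refer to, as an added T-SQL example that is not taken from the video or the blog post; the dbo.Customers table and the two procedure names are assumptions.

```sql
-- Added example (not from the video or blog post): the EXECUTE anti-pattern,
-- its parameterized replacement, and a DMV check for single-use plans.
-- Assumes a hypothetical dbo.Customers table with CustomerId and City columns.

-- 1. Anti-pattern: the caller's value is pasted into the statement text.
--    Every distinct @City yields distinct SQL text, so each call compiles and
--    caches its own plan, and the value itself can alter the statement.
CREATE OR ALTER PROCEDURE dbo.GetCustomersByCity_Unsafe
    @City nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, City FROM dbo.Customers WHERE City = ''' + @City + N'''';
    EXECUTE (@sql);
END;
GO

-- 2. Fix: the statement text is constant; the value travels as a typed parameter.
--    SQL Server treats it as data, never as code, and reuses one cached plan.
CREATE OR ALTER PROCEDURE dbo.GetCustomersByCity_Safe
    @City nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, City FROM dbo.Customers WHERE City = @City;';
    EXECUTE sys.sp_executesql
        @sql,
        N'@City nvarchar(100)',
        @City = @City;
END;
GO

-- 3. Diagnosis: count single-use ad hoc plans and the memory they occupy.
--    A large share of usecounts = 1 plans whose text differs only by literal
--    values is the plan cache bloat the concatenating pattern produces.
SELECT
    COUNT(*)                            AS single_use_plans,
    SUM(cp.size_in_bytes) / 1024 / 1024 AS cache_mb
FROM sys.dm_exec_cached_plans AS cp
WHERE cp.objtype = 'Adhoc'
  AND cp.usecounts = 1;

-- Inspect the text of those plans to spot near-duplicate statements.
SELECT TOP (20) cp.usecounts, cp.size_in_bytes, st.text
FROM sys.dm_exec_cached_plans AS cp
CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) AS st
WHERE cp.objtype = 'Adhoc'
  AND cp.usecounts = 1
ORDER BY cp.size_in_bytes DESC;
```

Run the two diagnostic queries before and after the refactor: the parameterized procedure produces a single reusable plan (objtype 'Prepared') instead of one 'Adhoc' entry per distinct input value.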
▬▬▬▬▬▬ C H A P T E R S ▬▬▬▬▬▬
(0:00) The Double-Edged Sword of Dynamic SQL
(2:30) The Anti-Pattern: EXECUTE with String Concatenation
(5:28) Threat 1: How SQL Injection Works
(9:22) The Many Faces of SQL Injection Attacks
(12:11) The Catastrophic Consequences of a Successful Attack
(16:16) Threat 2: The Performance Killer - Plan Cache Bloat
(18:25) How Concatenation Creates Thousands of Single-Use Plans
(20:28) The Vicious Cycle of Memory Pressure and High CPU
(22:32) Diagnosis: Using DMVs to Find Plan Cache Bloat
(24:27) The Solution: Parameterization with sp_executesql
(26:20) Head-to-Head: EXECUTE vs. sp_executesql
(29:13) Refactoring to Secure Code: A Practical Example
(32:33) The Safety Net: Detecting Attacks with Microsoft Defender for SQL
(38:55) Defense in Depth: A Multi-Layered Security Strategy
(39:27) Best Practice: Application-Side Input Validation
(40:53) Best Practice: The Principle of Least Privilege
(42:32) Best Practice: Row-Level Security & Dynamic Data Masking
(44:08) Best Practice: Robust Error Handling to Prevent Leaks
(45:14) Best Practice: Comprehensive Monitoring and Auditing
(47:45) Summary: Taming the Dangers of Dynamic SQL
(50:27) Call to Action: Auditing Your Code and Setting Standards
▬▬▬▬▬▬ Check out! ▬▬▬▬▬▬
💻 The blog post for this video
🔗 https://alexrosatexas.blogspot.com/2025/06/the-double-edged-sword-of-dynamic-sql.html
💻 Explore my Digital Hub
🔗 https://bit.ly/m/AlexRosa
📖 The AI Database Podcast
🔗 https://www.youtube.com/@WeThePeopleInTechOrNot/podcasts
📅 Daily Posts (Tech Quota of the Day, Tech Quiz)
🔗 https://www.youtube.com/@WeThePeopleInTechOrNot/posts
🧠 My LinkedIn Profile, let’s connect.
🔗 https://www.linkedin.com/in/alexrosatxus/
(English) Turn on subtitles, then use the auto-translate option in settings to view them in your native language.
(Portuguese) Turn on subtitles and use the auto-translate option in settings to view them in your native language.
(Spanish) Turn on subtitles, then use the auto-translate option in settings to view them in your native language.
Video "The Double-Edged Sword of Dynamic SQL EXECUTE Anti Pattern, SQL Injection" from the channel We The People, in Tech or Not
Video information
Published 9 June 2025, 21:09:48
Duration 00:51:55