X-Received: by 10.224.189.78 with SMTP id dd14mr585479qab.0.1361498685915; Thu, 21 Feb 2013 18:04:45 -0800 (PST) X-Received: by 10.49.1.162 with SMTP id 2mr8801qen.2.1361498685874; Thu, 21 Feb 2013 18:04:45 -0800 (PST) Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!dd2no1952378qab.0!news-out.google.com!t2ni671qaj.0!nntp.google.com!dd2no1952375qab.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.databases.ms-sqlserver Date: Thu, 21 Feb 2013 18:04:45 -0800 (PST) In-Reply-To: <00d6df61-bf2a-4e17-be9b-3c2b112b118e@googlegroups.com> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=92.40.236.235; posting-account=dELd-gkAAABehNzDMBP4sfQElk2tFztP NNTP-Posting-Host: 92.40.236.235 References: <695679d9-3eb9-44c8-a7fb-2e60ef2b8373@googlegroups.com> <00d6df61-bf2a-4e17-be9b-3c2b112b118e@googlegroups.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: Subject: Re: Purge Utility From: rja.carnegie@gmail.com Injection-Date: Fri, 22 Feb 2013 02:04:45 +0000 Content-Type: text/plain; charset=ISO-8859-1 Lines: 16 Xref: csiph.com comp.databases.ms-sqlserver:1399 On Friday, 22 February 2013 01:38:34 UTC, JAW wrote: > My Vparameterdefinition just needed to be increased just needed to be increased and it worked. I like to construct SQL strings with --X marking the end, and check that it's still there at the point of execution - and to use @{name_of_a_token} for expressionss to insert (by REPLACE) in a single string. This seems to work well on nvarchar(max) - I think - where some constructions (I'm not sure which ones) seem to impose a 4000 or 8000 character limit. But, putting BEGIN and END around a block is another way to get the benefit of validation. Some SQL statements, you really don't want to cut short - like, DELETE with no parameters erases every file on the server. (It doesn't.) you