posted 12 years ago
Couple of thoughts:
Make sure you check the column names, as Rob says, because this could cause security problems. Also, be careful which columns you reveal, e.g. you might not want to include PASSWORD in your list of columns.

Changing the SQL every time you execute it like this means your DB may not be able to re-use the parsed SQL from previous executions, so performance may not be so good (depends on other factors as well of course).

Does it really need to be "dynamic"? I often encounter situations where people are convinced they need infinite flexibility (sometimes at great cost), when really they only need to switch between a few known options. You might find you only need a couple of alternative SQL statements to cover all the required options.
No more Blub for me, thank you, Vicar.
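
Added example, not part of the original post or thread: one way to apply the points above, checking requested column names against an allow-list that omits PASSWORD and emitting the same SQL text for the same column set. The USERS table, its columns, the sample rows and the function names are assumptions made up for this sketch, with SQLite standing in for the real database.

```python
import sqlite3

# Constructed schema for this example: USERS(ID, USERNAME, EMAIL, PASSWORD).
# PASSWORD is deliberately left out of the allow-list so it can never be selected.
ALLOWED_COLUMNS = ("ID", "USERNAME", "EMAIL")


def build_select(columns, order_by="ID"):
    """Build a SELECT from caller-chosen columns, using allow-listed names only."""
    requested = {c.strip().upper() for c in columns}
    sort_col = order_by.strip().upper()
    if not requested:
        raise ValueError("no columns requested")
    for name in requested | {sort_col}:
        if name not in ALLOWED_COLUMNS:
            raise ValueError(f"column not permitted: {name!r}")
    # Emit columns in a fixed order so one column set always produces the same
    # SQL text, which gives the database a chance to reuse the parsed statement.
    cols = ", ".join(c for c in ALLOWED_COLUMNS if c in requested)
    # Data values are never concatenated; they stay bound parameters.
    return f"SELECT {cols} FROM USERS WHERE ID >= ? ORDER BY {sort_col}"


def run_demo():
    """Run the builder against an in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (ID INTEGER, USERNAME TEXT, EMAIL TEXT, PASSWORD TEXT)")
    db.executemany(
        "INSERT INTO USERS VALUES (?, ?, ?, ?)",
        [(1, "alice", "alice@example.test", "x1"), (2, "bob", "bob@example.test", "x2")],
    )
    rows = db.execute(build_select(["email", "username"], order_by="username"), (1,)).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    print(build_select(["email", "username"]))
    print(run_demo())
    # Names outside the allow-list are rejected before any SQL is built.
    for bad in (["password"], ["USERNAME, PASSWORD"]):
        try:
            build_select(bad)
        except ValueError as exc:
            print("rejected:", exc)
```
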