|
|
Posted by Erland Sommarskog on 10/01/58 11:17
Elroyskimms (elroyskimms@yahoo.com) writes:
> Is there a security risk behind using SELECT * or is it a "Best
> Practice"? Thanks!
Best practice.
Assume that the function where you use this query actually reads six of ten
columns. First of all you save some network bandwidth, by only getting
the columns you need. Second, assume that the DBA considers dropping
one of the columns. If you explicitly list the columns you need, he can
easily see whether you are using that column or not. Third, the DBA may add
another column, and insert it in the middle, if you now have referred to
columns by number in the client (which is bad practice), your function will
stop working.
SELECT * is wonderful for debugging when do you ad-hoc queries, but it's
bad in production code.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp
[Back to original message]
|