Is it possible to do dynamic SQL before ASE 12?
——————————————————————————- Again, using CIS, it is possible to fake dynamic SQL. Obviously for this to work, CIS must be enabled. In addition, the local server must be added to sysservers as a remote server. There is a stored procedure, sp_remotesql, that takes as an arguments a remote server and a string, containing SQL. As before, adding SELF as the ‘dummy’ server name pointing to the local server as if it were a remote server, we can execute the following: sp_remotesql “SELF”,”select * from sysdatabases” Which will do just what you expect, running the query on the local machine. The stored proc will take 251 (according to its own documentation) arguments of char(255) or varchar(255) arguments, and concatenate them all together. So we can do the following: 1> declare @p1 varchar(255),@p2 varchar(255),@p3 varchar(255), @p4 varchar(255) 2> 3> select @p1 = “select”, 4> @p2 = ” name “, 5> @p3 = “from “, 6> @p4 = “sysdatabases” 7> 8> ex
Related Questions
- Its great that the application automatically adds some SQL code but is it possible to see exactly what the SQL injection string would be like before sending it?
- Is dynamic modeling suitable to predicting potential drug toxicity? Would it be possible to predict drug toxicity?
- Is it possible to do dynamic SQL before ASE 12?
