Spaces:
Sleeping
Sleeping
File size: 1,447 Bytes
d5f727d | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | Find dynamic SQL in stored procedures
Files
- find_dynamic_sql_procs.sql: parameterized T-SQL scanner. Use in SSMS, Azure Data Studio, or sqlcmd.
- find_dynamic_sql_procs.py: small CLI wrapper that runs the SQL and emits CSV.
Quick examples
1) Run the SQL directly (Azure Data Studio/SSMS):
-- edit variables at top of file or use client substitution
:setvar TopN 200
:setvar ContextChars 120
-- open and run the file
2) Run via python wrapper (recommended for automation):
```bash
python tools/find_dynamic_sql_procs.py --server demo.azonix.in --database hs-prod3 --uid myuser --pwd "mypassword" --top 200 > dynamic_procs.csv
```
Notes & limitations
- The scanner uses simple LIKE patterns to detect likely dynamic SQL usage (sp_executesql, EXEC(@var), string concatenation).
- It prioritizes precision via a small confidence score but will miss obfuscated dynamic SQL and may return false positives from comments or similar tokens.
- Combine the output with manual inspection of `definition` for highest accuracy.
- The Python wrapper requires `pyodbc` and an appropriate ODBC driver (e.g. ODBC Driver 17/18 for SQL Server).
Security
- Avoid putting credentials in shell history. Prefer using a secure credential store or trusted connections.
Next steps (optional)
- Add a mode to export full proc definitions to files.
- Add a deeper parser using tSQLt or ANTLR for T-SQL to more accurately detect dynamic SQL boundaries.
|