Does changing a parameter value in a stored procedure before the query affect the cardinality estimate?

I routinely “scrub” the parameters of my stored procedures at the top before I run the query like this:

-- Scrub params
SET @SearchText = NULLIF(@SearchText, '')
SET @ThreadId = NULLIF(@ThreadId, 0)
SET @Hashtag = NULLIF(@Hashtag, '')

But then from this article I read the following:

If the query predicate uses a local variable, consider rewriting the
query to use a parameter instead of a local variable. The value of a
local variable is not known when the Query Optimizer creates the query
execution plan. When a query uses a parameter, the Query Optimizer
uses the cardinality estimate for the first actual parameter value
that is passed to the stored procedure.

Does it count as using a local variable if the value originated from a parameter? I’m wondering if my parameter scrubbing could affect the creation of the query execution plan.

Author: adam0101

Is this SP safe from SQL injection?

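CREATE PROCEDURE [sp_Test] (
     @param nvarchar(Max)
) AS BEGIN

-- Build the statement text by concatenating the caller's input
DECLARE @Output nvarchar(Max) = 
N'Select ' + @param

-- Return the built string as a result set
Select @Output
Return

END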

Intended Use

exec sp_test '5'

Returns “select 5”

Malicious Use

exec sp_test '5; drop database'

Returns (would be safe):
“select 5; drop database”

--OR--

Returns (not safe):
“select 5”
…but also actually dropping the database

MS SQL Server

Author: Donnie
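
The two outcomes the question describes differ in whether the concatenated text is only returned or is handed to the SQL parser. The following is an added example, not code from the original post: the Demo_* procedure names are hypothetical, and a harmless second SELECT stands in for the "drop database" input.

```sql
-- Added example for SQL Server; the Demo_* procedure names are hypothetical.

-- 1) Same shape as sp_Test: the concatenated text is only returned as a value.
CREATE PROCEDURE dbo.Demo_ReturnText (@param nvarchar(max)) AS
BEGIN
    DECLARE @Output nvarchar(max) = N'Select ' + @param;
    SELECT @Output AS BuiltText;      -- a string result, never parsed as SQL
END
GO

-- 2) Injectable: the same text handed to EXEC is parsed and run as a batch.
CREATE PROCEDURE dbo.Demo_ExecConcat (@param nvarchar(max)) AS
BEGIN
    DECLARE @Output nvarchar(max) = N'Select ' + @param;
    EXEC (@Output);                   -- caller input becomes statement text
END
GO

-- 3) Hardened: constant statement text, value bound as a typed parameter.
CREATE PROCEDURE dbo.Demo_ExecParam (@param nvarchar(max)) AS
BEGIN
    EXEC sys.sp_executesql
        N'SELECT @p AS Value',        -- no caller input in the statement text
        N'@p nvarchar(max)',
        @p = @param;
END
GO

-- Constructed input: a benign appended statement makes execution visible.
DECLARE @input nvarchar(max) = N'5; SELECT N''second statement ran'' AS Marker';

EXEC dbo.Demo_ReturnText @input;  -- text comes back as data only
EXEC dbo.Demo_ExecConcat @input;  -- text is executed, so the appended statement runs
EXEC dbo.Demo_ExecParam  @input;  -- input is bound as a single value, not parsed
GO
```

Any later code path that passes the returned text to EXEC or sp_executesql as statement text puts the procedure in the second category.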

Generate all combinations for variables and insert into temp table


I have one requirement: there are 4 variables, and I want all combinations of the 4 variables inserted into a temp table.

DECLARE StartDateTime DATETIME;
DECLARE Age INT; 
DECLARE Duration INT ;
DECLARE TotalDD INT;

CREATE TEMPORARY TABLE tempTable(
    Duration INT,
    TotalDD INT,
    Age INT,
    StartDateTime DATETIME
);
SET Age = 16;
SET TotalDD = 14;
SET Duration = 30;
SET StartDateTime = CURDATE();

Expected Result:

Duration  age   TotalDD  StartDateTime
30        null  null     null
null      16    null     null
30        null  null     null
30        16    null     null
null      null  14       20200622
30        null  14       null
30        16    null     20200622

... and so on

Author: user202