Slashdot Mirror


User: aw00d

aw00d's activity in the archive.

Stories: 0
Comments: 1

Comments · 1

  1. Using COALESCE function in MSSQL (cleaner code) on SQL Injection Attacks Increasing · Score: 1
    Instead of this:
    create procedure myTestProc @someDateTime datetime = '1/1/2050' as
    --put insert, delete, update here....
    select * from someTable
    where (@someDateTime >= someTable.someDate or @someDateTime = '1/1/2050')
    Try COALESCE, it is cleaner, and you don't need to worry what happens if your code is still in use 44 years from now.
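    create procedure myTestProc @someDateTime datetime = NULL as
    --put insert, delete, update here....
    select * from someTable
    -- if @someDateTime is NULL this compares someDate with itself, so every row with a non-NULL someDate matches
    where COALESCE(@someDateTime, someTable.someDate) >= someTable.someDate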
    Docs are here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_ca-co_9dph.asp