stored-procedures parallel-data-warehouse

How to exit a stored procedure in PDW

I am working in PDW AU5. I am writing a stored procedure that needs dynamic SQL (because of variable database names). So, to prevent SQL injection, I am doing a simple test of the input parameter value to the stored procedure. If the test fails, I want to exit the stored procedure. Normally on SMP, I would do this with RETURN -1. However, RETURN isn't allowed in stored procs on PDW. How can I get around this?

Solution

You can try to use the QUOTENAME function to escape the single quote character on the input string to stop the Dynamic SQL from injected.

DECLARE @userfield VARCHAR(255) = 'abc'' ;SELECT 1; '
DECLARE @sql NVARCHAR(4000)

SET @sql = 'SELECT ' + QUOTENAME(@UserField, '''')

PRINT @sql

EXEC (@sql)

See another post about how to prevent SQL Injection how to prevent SQL Injection

sqlDecimal to decimal clr stored procedure Unable to cast object of type 'System.Data.SqlTypes.SqlDecimal' to type 'System.IConvertible'
Passing a table name as a variable to Snowflake stored procedure
Can't drag stored procedure onto dbml designer
Return Stored Proc Results in CTE
Only members of the sysadmin fixed server role can perform this operation. Azure SQL Server Database vs SQL Server Database
What does the new stored procedure default content mean?
Pass table columns as arguments into Teradata SQL stored procedure
Why is DELETE FROM vehicle_data WHERE NOW() > expires_at; failing in my stored function?
How to handle the exception in Snowflake SQL scripting stored procedure with return type as TABLE
How to debug a SP response in Quarkus using EntityManager
Does the prepared SQL statements in a stored procedure make the performance better?
Return multiple ref cursors in single OUT parameter of stored procedure
Stored Procedure for Deleting in Chunks - LOOP not executing
SQL Stored Procedures not finishing when called from Python
How to compare values which may both be null in T-SQL
Data not getting updated via stored procedure in Oracle
How do I resolve SnowparkSQLException: ... User is empty in function for Snowpark python SPROC invocation?
Why must some stored procedures in MSSQL be called with `master..` prepended while other can be called without it?
T-SQL - stored procedure - "IF EXISTS" vs. "WHERE EXISTS"
How to pass NULL Value to Stored Procedure Through C#
How to get values from another stored procedure and insert it into the temporary table in one stored procedure in MySQL?
How to renumber the field value in SQL using SQL script
EF6 Stored Procedure does not accept parameters
SQL condition based on variable value
T-SQL stored procedure - error inserting the last variable
Azure Data Factory - Null parameter in stored procedure activity
Azure Data Factory - wait until stored procedure is executed before continuing the next activities
How to find circular dependent table in sql server
Running Sql Server stored proc in context of caller
Creating stored procedure in SQLite