4.6 Tuning usp_SearchUsers

In my workload, this is the most resource-intensive proc – but it doesn’t actually have parameter sniffing. It has the opposite problem: it’s building unsafe, unparameterized dynamic SQL vulnerable to SQL injection. When we fix it by properly parameterizing the dynamic SQL, we actually introduce parameter sniffing – so let’s fix that too while we’re at…
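To make the trade-off concrete, here is an added T-SQL example that is not the course's actual usp_SearchUsers code: an unparameterized dynamic search beside its `sp_executesql` form. The procedure names, the `dbo.Users` columns and the parameter types are assumptions chosen for illustration, and `CREATE OR ALTER` assumes SQL Server 2016 SP1 or later.

```sql
-- Constructed example: table, columns and procedure names are assumptions,
-- not the course's actual usp_SearchUsers.

-- Before: user input is concatenated into the statement text.
CREATE OR ALTER PROCEDURE dbo.usp_SearchUsers_Unsafe
    @DisplayNameLike NVARCHAR(40)  = NULL,
    @Location        NVARCHAR(100) = NULL
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, DisplayName, Location FROM dbo.Users WHERE 1 = 1';

    IF @DisplayNameLike IS NOT NULL
        SET @sql += N' AND DisplayName LIKE ''' + @DisplayNameLike + N'%''';
    IF @Location IS NOT NULL
        SET @sql += N' AND Location = ''' + @Location + N'''';

    -- Every distinct input yields a different statement text, so each one
    -- compiles its own plan, and a quote character in the input changes
    -- the statement itself.
    EXEC (@sql);
END
GO

-- After: only the predicate shape is dynamic; values travel as parameters.
CREATE OR ALTER PROCEDURE dbo.usp_SearchUsers_Parameterized
    @DisplayNameLike NVARCHAR(40)  = NULL,
    @Location        NVARCHAR(100) = NULL
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, DisplayName, Location FROM dbo.Users WHERE 1 = 1';

    IF @DisplayNameLike IS NOT NULL
        SET @sql += N' AND DisplayName LIKE @DisplayNameLike + N''%''';
    IF @Location IS NOT NULL
        SET @sql += N' AND Location = @Location';

    -- The statement text is now identical for every value, so one cached
    -- plan is reused. That plan is compiled for the first values seen,
    -- which is where parameter sniffing comes in.
    EXEC sys.sp_executesql
        @sql,
        N'@DisplayNameLike NVARCHAR(40), @Location NVARCHAR(100)',
        @DisplayNameLike = @DisplayNameLike,
        @Location        = @Location;
END
GO
```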