EXEC vs. sp_executeSQL

When we want to execute a TSQL string we can use either EXEC or sp_executesql. But there are some very important differences between them. sp_executesql allows statements to be parameterized; therefore it's more secure than EXEC in terms of SQL injection. sp_executesql can also leverage cached query plans. The TSQL string is built only…
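The difference in injection exposure, shown as an added example that is not part of the original post: the same caller-supplied value is run once through EXEC with string concatenation and once through sp_executesql as a parameter. The temp table, column and variable names are hypothetical, and the rows and input value are constructed.

```sql
-- Added example (not from the original post). Table, column and variable
-- names are hypothetical; the sample rows and the input are constructed.
SET NOCOUNT ON;

CREATE TABLE #Customers (Id int PRIMARY KEY, LastName nvarchar(50) NOT NULL);
INSERT INTO #Customers (Id, LastName)
VALUES (1, N'Smith'), (2, N'O''Brien'), (3, N'Jones');

-- Constructed caller-supplied value containing a quote and extra predicate text.
DECLARE @input nvarchar(50) = N'Smith'' OR 1 = 1 --';
DECLARE @sql nvarchar(max);

-- 1) EXEC with concatenation: the value becomes part of the statement text.
--    The embedded quote ends the literal, so the WHERE clause is rewritten
--    and all three rows come back.
SET @sql = N'SELECT Id, LastName FROM #Customers WHERE LastName = N'''
         + @input + N''';';
EXEC (@sql);

-- 2) sp_executesql with a parameter: the statement text is constant and the
--    value travels separately as typed data. No row has this literal last
--    name, so the result set is empty.
SET @sql = N'SELECT Id, LastName FROM #Customers WHERE LastName = @LastName;';
EXEC sys.sp_executesql
     @sql,
     N'@LastName nvarchar(50)',
     @LastName = @input;

-- Same parameterized text with a different value: one row (O'Brien), no
-- manual quote escaping, and the identical statement text allows the
-- cached plan to be reused.
EXEC sys.sp_executesql
     @sql,
     N'@LastName nvarchar(50)',
     @LastName = N'O''Brien';

DROP TABLE #Customers;
```

sp_executesql only gives this protection when values are passed through its parameter list; concatenating input into the statement string handed to sp_executesql is as exposed as the EXEC form.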
