SQL Server – Dynamic SQL – SQL Injection – EXEC [ QUOTENAME() , REPLACE() , EXECUTE AS ] – Sp_executesql – [ RECOMPILE ]