Prepared statement filter - MSSQL
None of the parameters are required. If no parameter is specified, this filter will be invoked for every call to a prepared statement, which would be unusual but not unheard of.
The parameters that can take multiple values can be separated by commas or by newlines.
The SQL(s) or regular expression(s) determining for which prepared statement calls to invoke this filter. They can be separated by commas or newlines.
Zero or more name=regular expression entries specifying for which values of which parameters this filter should get invoked. In addition to all the usual regular expression syntax, if a regular expression contains equal signs, they must be escaped with a backslash (e.g. \=).
A list of IP addresses (IP4 and/or IP6) and/or regular expressions for IP addresses.
A list of user names and/or regular expressions for user names. If specified, only calls from these users will cause execution of the filter.
This filter can be invoked for either the Sp_PrepExec or Sp_Execute stored procedure, and the order of parameters is different between the two.
For Sp_PrepExec, the first three parameters are the statement number (output only), the SQL, and the parameter definition. The values for the prepared statement parameter start after that.
For Sp_Execute, the first parameter is the statement number, and the values for the prepared statement parameter start after that.
This difference is handled automatically when specifying the parameters (see above), i.e. the parameter patterns are normalized to start at 1. But if you want to change the value of a parameter, you will need to take this difference into account (see the example).
We can change the value of a parameter to the prepared statement:
with parameter pattern: