I am wondering what the advantages of using CRL Sprocs over T-SQL sprocs and what not.
Looking for such comparison and articles on websites resulted in only "how to create CRL sprocs" but none of them were talking about what they are used for in what situations.
I would really appreciate it if you guys can post comments, links and external articles.
I find the replication put many sprocs with sp_ prefix in our database. Do you think that should be changed? I have been told not to use sp_. See http://www.sqlmag.com/Article/ArticleID/23011/sql_server_23011.html.
i have a question. how do i protect my website from sql injection.right now most of my queries are in the form of: Public Sub updateCredits(ByVal deduct As Int16, ByVal userid As Guid) Dim cmd As New SqlCommand Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("LocalSqlServer2").ConnectionString) cmd.Connection = con cmd.CommandType = Data.CommandType.Text cmd.CommandText = "Update [userprofile] SET credits = credits - @c WHERE userID= @id" cmd.Parameters.Add("@id", SqlDbType.UniqueIdentifier).Value = userid cmd.Parameters.Add("@c", SqlDbType.Int).Value = deduct Using con con.Open() cmd.ExecuteNonQuery() con.Close() End Using cmd.Dispose() End Sub is that a safe way to do it? using parameters and stuff? or should i completely switch over to stored procedures as i hear they are safer.
I know you can use sql profiler to see what sqlcode actually executed when you run a sproc, but is there any way toget this information in asp.net? After executing a sproc, I'd like to send the sqlcode that was sent, to my Audit class. Is there any wayto retrieve this in asp.net itself?cheers!
While trying to assign a variable a table name then later use the variable name in a select statement (ie select sys_id from @table_name) it fails and says incorrect syntax.
How can I use a variable for a table name to later use within the sproc?
is it possible to have a sproc with a input parm of a column name and have this column name be inserted into an exec statement that runs and provides the output as a OUTPUT parm instead of a result set?
i can get the sproc to take the column name as a parm, run the exec, but cannot figure out how to assign the "dynamic sql" output to a OUTPUT variable instead of returning the result set.
I know that stored procedures(sql server) caches stored procedures in memory where it keeps the compiled execution plan in memory, how does it work with the views does sql server store /cache the views. Just wondering Thanks
Can someone explain the generated sprocs of VS2005 if one column can be nullableDependentOfSeqID = @Original_DependentOfSeqID OR ((@IsNull_DependentOfSeqID = 1) AND (DependentOfSeqID IS NULL))In VS2003 the generated sprocs would beDependentOfSeqID = @Original_DependentOfSeqID OR ((@Original_DependentOfSeqID IS NULL) AND (DependentOfSeqID IS NULL))Which is the best?
Due to a business rule change, I had to take what was 1 column in a table and split it off into a new table. Now I need to find every time that column is used in a SPROC and change those sprocs. Is there a way to sift through the sprocs to search for a "phrase" (the column name) -- other than reading through every one manually?
there's a concept named cyclomatic complexity in software dev which measures the complexity of code by its number of decision points. This would be measured by # of if statements, nested if statements, etc in a method.
Do SQL queries have any type of equivalent? For example, # of joins, # of conditions, etc. Factors into a complexity metric which indicate how complex, risky or error-prone a sproc might be based on certain factors?
Anyone have the code that would allow me to see if any of my sprocs contain references to a function? I imagine it would someting like select name from sysobjecst where charindex(whatevertextis, 'ufnName') > 0
Is it possible to rollback changes made to the DB when debugging a t-sql sproc in VS2005? i.e. step through the sproc, then hit rollback and be able to step through it again in the same state
We have a growing number of servers and databases on each server that all share the same (sub)set of sprocs and UDFs. DTS packages, which we use for data import, frequently need to be copied between the servers. What is the best way to maintain this? Ideally, I would like to be able to click a button and have a script creating or altering one or more sprocs automatically run aginst all DBs on all servers. Likewise, I'd like to be able to copy DTS packages to all servers.
We use SS2000 SP4 and plan to migrate to SS2005. We also use ASP.net 2.0 and VS 2005 SP1.
I'm using what looks to be a popular script to grant execute privileges to stored procedures, and it works great as long as the user account that you want to grant to is not a domain account. For example, I need to grant execute to myDomaindbUsers, but get a syntax error when the script tries to execute this statement:
SET @SQL = 'GRANT EXECUTE ON [' + @Owner
+ '].[' + @StoredProcedure
+ '] TO myDomaindbUsers'
Incorrect syntax near ''.
The script works fine if a non-concatenated user account is given. We use Active Directory to manage our access, thus the domaingroup. Has anyone found a way around this? Thanks in advance.
Tess
Here's the entire script for anyone who's interested:
USE whateverDatabase
GO
DECLARE @SQL nvarchar(4000),
@Owner sysname,
@StoredProcedure sysname,
@RETURN int
-- Cursor of all the stored procedures in the current database
I really confused , I wanna get an rowid on sql 2000 table so I have created a sproc and it's syntax is OK How can I check it on sql query analyzer? this sql server 2000 Also How can I use that in select statement?
thanks..
here is my select statement which I have to use sproc inside select custid,ordernum,sku,amount, dbo.get_rownums (custid,ordernum,sku ) ??? from tp_cod cod
here is my sproc: CREATE PROCEDURE [dbo].[get_rownums] @custid as varchar(10),@ordernum as varchar(5),@sku as varchar(10) , @i as int output AS BEGIN DECLARE @SkuID as varchar(10) --DECLARE @i as int DECLARE got_sku CURSOR FOR Select sku from tp_cod where custid=@custid and ordernum=@ordernum set nocount on set @i=0 OPEN got_sku FETCH NEXT FROM got_sku INTO @SkuID WHILE @@FETCH_STATUS = 0 BEGIN Set @i =@i + 1 if @SkuID=@sku begin return @i end else begin FETCH NEXT FROM got_sku INTO @SkuID end END CLOSE got_sku DEALLOCATE got_sku END GO
Just a general question here.. I'm designing a web application that might have 50 million - 100 million rows plus. Basically its a simple logging table each row probably only 24 bytes wide, however I can see it taking quite awhile to execute.
The query is basically a group by, showing the amount of "hits" per day.
Are there any special types of strategies I should implement ? Or is a properly designed structure with indexes likely sufficient (on the right hardware of course)
In Enterprise Manager one can select several SPROCS/VIEWS using the CONTROL key and then Right-Click to script out those objects. Alternativly, pressing CONTROL-C copies, to the clipboard, the T-SQL to create the selected objects.
SQL Management Studio seems to only allow you to script one object at a time.
Is there a way in SQL Management Studio to select multiple objects and generate create or modify scripts?
There are plenty of scripts to do this on a per-DB level, but any that will allow me to generate a script for all DB's at once? Mine are split across dozens and it would be much easier to do a loop (using MS_ForeachDB ? )
hi ! my boss is thinking of redoing our accounting system which is currently running on FOXPRO - we are planning on a VB/SQL SERVER platform.but he isn't convinced that the benefits of SQL server outweigh those offered by FOXPRO especially since everyone in the office is very comfortable with Foxpro.Can anyone give me some solid advantages of SQL SErver or any other RDBMS over Foxpro ?
If I have an application that has at most 20 users with an average of 3-4 concurrent requests to the server and the databases size is 1 gig probably to grow to at most 1.5 gigs in the next 5 years why would I choose Express over MSDE?
MSDE can take advantage of more than 1 gig of memory and can use 2 CPUs. I really don't see any benefit whatsoever in my case to go to SQL Express, in fact all I see is drawbacks.
I hear about upgrading all over the place but I just don't see any good reason in my situation. Am I missing something here?
This may be too general a question but I'm going to ask it anyway.
I'm moving data from a source DB (say A) to a target DB (say B). On A I need to join 3 tables and, after some lookups etc., I need to populate several tables in B. Inserting into B's tables involves sequential operations because in many cases I have to get back the value of an Identity column to use as in input value in a another table 'downstream'. Additionally, the tables in B are populated as a group i.e. if the insert on any one fails the entire group's insertion needs to be rolled back.
I set up a set of stored procedures to do this. The master Stored Proc opens a read-only cursor and for each row of the cursor executes the other SPs in proper sequence. Some of the SPs are 'enclosed' within a transaction to enable a Rollback on the group.
My major concern with this approach was the 'known' inefficiency of the cursor and the huge memory requirement it's use would entail (the cursor would pull about 15 million rows).
So I began looking into SSIS thinking it would be able manage the system resources aspect effectively and offer better performance overall. I've realized, however, that even in SSIS I would essentially need to first pull the 14 mil rows into a memory-resident object (or a temp table - whose benefit I'm not convinced of or haven't fully understood) before looping through each row to perform the data inserts into B.
So, is there any real advantage to this over the first approach ? Perhaps I haven't looked deep enough or wide enough. Any constructive suggestions / feedback would be highly appreciated.
What is the advantages/disadvantages of using Database Diagram and link all the tables in MS SQL Server Management Studio versus letting the application check and link the different tables at run time? Currently, I do not have all my tables linked in a Database Diagram. I do everything at run time in my application code behind. What are the best practices? Which is easier or perhaps more secure?
Hi, Generally I write all my SQL in Stored Procedures instead of using adhoc queries. But I dont feel good about stored procedures when I come across situations like this.
Lets say that I have a stored procedure something like this
CREATE PROCEDURE dbo.proc_MYSP @CaseID char(10) AS SELECT * FROM TABLE1WHERE CASEID = @CASEID
Suppose in future if the field CASEID is changed to char(20) then I need to change the declaration of CaseID in all my stored procedures that take CaseID as input parameter. If I write adhoc queries then I need not worry about this. Is there any effective solution for a situation like this.