Dynamic SQL Konstantin Osipov, MySQL AB.

Presentation transcript:

Dynamic SQL Konstantin Osipov, MySQL AB

About the speaker
- lives in Moscow
- works on the server
- implemented the feature

What is this talk about?
- how Dynamic SQL works
- good practices
- getting your feedback

Dynamic SQL syntax
- is syntax of SQL prepared statements:
    PREPARE <name> FROM <text>
    EXECUTE <name> USING <@-var list>
    DEALLOCATE PREPARE <name>

Degree of Freedom
- Static SQL: @-user variables to input data
- Stored Procedures SQL: stored procedure variables
- Prepared SQL: adds LIMIT ?, ? capability
- Dynamic SQL: 100% flexibility

Permissions, Scope
- Permissions:
  - are the same as of the Stored Procedure
  - dangerous in SUID procedures
- Scope:
  - Dynamic SQL has its own scope
  - no access to SP variables
  - temporary tables are in the scope of SP

How it works

Dynamic SQL Dos
- administrative tasks: CHECK, OPTIMIZE
- dynamic querying: IN (id-list), handling of hierarchical data

Dynamic SQL Don'ts
- don't use it if you don't have to: risk of SQL injection
- it does not provide extra optimization
- Static SQL is re-optimized just as well
- it allows the same statements as in Stored Procedures

Dynamic SQL Limits
- not all statements
- three step procedure: no EXECUTE IMMEDIATE
- no cursor support
- no access to Stored Procedure variables
- Stored Procedure variables can't be bound to placeholders
- can't be used in Functions and Triggers
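
An added example, not taken from the talk or from MySQL's own materials, showing the injection risk and the "SUID" (definer-rights) concern from the slides next to a hardened IN (id-list) query. The `orders` table, the procedure names and the digits-and-commas check are assumptions made for illustration, and SIGNAL requires MySQL 5.5 or later.

```sql
-- Constructed schema for the example.
CREATE TABLE orders (id INT PRIMARY KEY, customer VARCHAR(64), total DECIMAL(10,2));

DELIMITER //

-- Weak: both caller-supplied strings become statement text. Under
-- SQL SECURITY DEFINER (the "SUID" case) the resulting statement runs
-- with the definer's privileges, not the caller's.
CREATE PROCEDURE orders_in_weak(IN p_customer VARCHAR(64), IN p_ids TEXT)
SQL SECURITY DEFINER
BEGIN
  SET @sql = CONCAT('SELECT id, total FROM orders WHERE customer = ''',
                    p_customer, ''' AND id IN (', p_ids, ')');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//

-- Hardened: scalar values are bound through placeholders. The id list
-- cannot be bound as a single placeholder, so it is concatenated only
-- after it matches a strict digits-and-commas pattern.
CREATE PROCEDURE orders_in(IN p_customer VARCHAR(64), IN p_ids TEXT, IN p_limit INT)
SQL SECURITY INVOKER
BEGIN
  IF p_ids IS NULL OR p_ids NOT REGEXP '^[0-9]+(,[0-9]+)*$' THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'id list must be digits and commas';
  END IF;
  -- Stored procedure variables can't be bound to placeholders:
  -- copy them into @-user variables first.
  SET @customer = p_customer;
  SET @lim = p_limit;
  SET @sql = CONCAT('SELECT id, total FROM orders',
                    ' WHERE customer = ? AND id IN (', p_ids, ') LIMIT ?');
  PREPARE stmt FROM @sql;
  EXECUTE stmt USING @customer, @lim;
  DEALLOCATE PREPARE stmt;
END//

DELIMITER ;

-- Constructed call: customer name and limit are bound, the id list is validated.
CALL orders_in('acme', '3,7,42', 10);
```

Where a procedure has to stay SQL SECURITY DEFINER, the same validation and binding apply, and the definer account should hold only the privileges the fixed statement needs.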

Questions?