Creating a dynamic search form with database paging Tony Rogerson SQL Server MVP Torver Computer Consultants.


What are we trying to do?

The presentation

- Methods of coding the stored procedure
  – Static SQL method
  – Dynamic SQL method
  – Pros and cons of each approach
  – SQL injection / security
  – The execution cache
- ASP.NET (VB.NET) interface
  – Overview
  – Coding specifics

Static SQL method

Same stored procedure parameters for each variant:

    create procedure smallint = NULL int = nchar(10) = NULL

Static SQL method – ISNULL

    -- a NULL parameter collapses its predicate to o.X = o.X, i.e. no filter
    select *
    from Orders o
    left outer join Employees e on e.EmployeeID = o.EmployeeID
    left outer join Customers c on c.CustomerID = o.CustomerID
    where o.CustomerID = ISNULL( @CustomerID, o.CustomerID )
      and o.EmployeeID = ISNULL( @EmployeeID, o.EmployeeID )
    order by o.ShippedDate desc

STATISTICS IO for this form:

    Table 'Customers'. Scan count 5, logical reads 10.
    Table 'Employees'. Scan count 5, logical reads 10.
    Table 'Orders'. Scan count 1, logical reads 21.

Static SQL method – AND/OR

    -- a NULL parameter makes its OR branch true, i.e. no filter
    select *
    from Orders o
    left outer join Employees e on e.EmployeeID = o.EmployeeID
    left outer join Customers c on c.CustomerID = o.CustomerID
    where ( o.CustomerID = @CustomerID or @CustomerID is null )
      and ( o.EmployeeID = @EmployeeID or @EmployeeID is null )
    order by o.ShippedDate desc

STATISTICS IO for this form (note the extra scan of Orders):

    Table 'Customers'. Scan count 5, logical reads 10.
    Table 'Employees'. Scan count 5, logical reads 10.
    Table 'Orders'. Scan count 2, logical reads 40.

Static SQL method – IF THEN ELSE

    -- one hand-written query per parameter combination
    if @CustomerID is not null and @EmployeeID is not null
        select ....
        from Orders o
        left outer join Employees e on e.EmployeeID = o.EmployeeID
        left outer join Customers c on c.CustomerID = o.CustomerID
        where o.CustomerID = @CustomerID and o.EmployeeID = @EmployeeID
        order by o.ShippedDate desc
    else if @EmployeeID is not null
        select ....
        from Orders o
        left outer join Employees e on e.EmployeeID = o.EmployeeID
        left outer join Customers c on c.CustomerID = o.CustomerID
        where o.EmployeeID = @EmployeeID
        order by o.ShippedDate desc
    else
        select ....
        from Orders o
        left outer join Employees e on e.EmployeeID = o.EmployeeID
        left outer join Customers c on c.CustomerID = o.CustomerID
        where o.CustomerID = @CustomerID
        order by o.ShippedDate desc

Static SQL – summary

- Inflexible for optional parameters.
- IF THEN ELSE is efficient, but gives a big plan, which increases the chance of a recompile; greater maintenance.
- ISNULL and AND/OR give a general plan, which may be a very bad plan for a particular parameter combination.
- More secure than dynamic SQL.

Dynamic SQL – coding

    -- only the predicates whose parameter was supplied are appended
    if @CustomerID is not null
        set @where = @where + ' and o.CustomerID = @CustomerID '
    if @EmployeeID is not null
        set @where = @where + ' and o.EmployeeID = @EmployeeID '

    set @sql = 'select o.OrderID, c.CompanyName,
                       EmployeeName = e.LastName + '', '' + e.FirstName,
                       ShippedDate  = CONVERT( varchar(20), o.ShippedDate, 106 )
                from Orders o
                left outer join Employees e on e.EmployeeID = o.EmployeeID
                left outer join Customers c on c.CustomerID = o.CustomerID '
             + @where
             + ' order by o.ShippedDate desc '

    -- values travel as parameters, not as text
    EXEC sp_executesql @sql, N'@CustomerID nchar(10), @EmployeeID int', @CustomerID, @EmployeeID

Dynamic SQL – summary

- Specific plan for each iteration.
- Plan is reused.
- Use sp_executesql.
- Parameterise instead of hard coding constants.
- Be careful of SQL injection.
- Security implications.

Security

- Use the ADO.NET SqlCommand object instead of building a SQL string.
- SQL injection: if a value does get concatenated into the string, remember to replace a single quote with two single quotes:

      REPLACE( @CustomerID, '''', '''''' )

- Permission is required on the base tables used within the dynamic SQL block. However, you can create views over the base tables and grant permission on those instead.
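One way to implement the dynamic approach the coding, summary and security slides describe, as an added example that is not the presentation's own procedure: predicates are appended only when their parameter is supplied, the values are passed through sp_executesql as typed parameters (so no quote doubling is needed), and the page count comes back in the output parameter the ASP.NET part reads. Assumed: the Northwind tables, the names usp_OrderSearch, @PageNumber, @PageSize and @MaxPages, and SQL Server 2012 or later for OFFSET/FETCH.

```sql
-- Added example, not the presentation's procedure. Assumes the Northwind
-- tables and SQL Server 2012+ (OFFSET/FETCH); the names below are assumed.
create procedure usp_OrderSearch
    @CustomerID nchar(10) = NULL,      -- optional search parameters
    @EmployeeID int       = NULL,
    @PageNumber int       = 1,
    @PageSize   int       = 20,
    @MaxPages   int       output       -- read by the page once the reader is closed
as
begin
    set nocount on;

    -- Only the predicates actually supplied go into the text, so each
    -- parameter combination gets its own specific plan, which is then reused...
    declare @where nvarchar(max) = N' where 1 = 1';
    if @CustomerID is not null set @where += N' and o.CustomerID = @CustomerID';
    if @EmployeeID is not null set @where += N' and o.EmployeeID = @EmployeeID';

    -- ...while the values never enter the text: sp_executesql carries them as
    -- typed parameters, so a quote inside @CustomerID cannot alter the statement.
    declare @params nvarchar(200) =
        N'@CustomerID nchar(10), @EmployeeID int, @PageNumber int, @PageSize int';

    -- total row count for the same predicates, turned into a page count
    declare @rows int, @count nvarchar(max) =
        N'select @rows = count(*) from Orders o' + @where;
    exec sp_executesql @count,
        N'@CustomerID nchar(10), @EmployeeID int, @rows int output',
        @CustomerID, @EmployeeID, @rows output;
    set @MaxPages = ceiling(@rows / (@PageSize * 1.0));

    -- the page itself: same select list and joins as the slides
    declare @sql nvarchar(max) = N'
        select o.OrderID, c.CompanyName,
               EmployeeName = e.LastName + N'', '' + e.FirstName,
               ShippedDate  = convert(varchar(20), o.ShippedDate, 106)
        from Orders o
        left outer join Employees e on e.EmployeeID = o.EmployeeID
        left outer join Customers c on c.CustomerID = o.CustomerID'
        + @where + N'
        order by o.ShippedDate desc
        offset (@PageNumber - 1) * @PageSize rows fetch next @PageSize rows only';

    exec sp_executesql @sql, @params, @CustomerID, @EmployeeID, @PageNumber, @PageSize;
end
go
```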

Execution cache

- Check master..syscacheobjects: the pagesused, usecounts and refcounts columns.
- After 5 executions, check usecount: plan reuse!
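The check the slide describes, as an added example that is not from the presentation: one parameterised statement is run five times with different values, then the cache is inspected. It uses sys.dm_exec_cached_plans and sys.dm_exec_sql_text (the DMVs that superseded master..syscacheobjects) and assumes the Northwind Orders table; the customer IDs are Northwind sample values.

```sql
-- Added example: five executions of one parameterised statement should leave
-- a single cached plan with usecounts = 5. Assumes the Northwind Orders table
-- and sys.dm_exec_cached_plans (SQL Server 2005+, successor to syscacheobjects).
declare @stmt nvarchar(200) =
    N'select count(*) from Orders where CustomerID = @cid';

-- five different customers (Northwind sample IDs)
declare @ids table (id int identity(1,1), cid nchar(10));
insert @ids (cid) values (N'ALFKI'), (N'ANATR'), (N'ANTON'), (N'AROUT'), (N'BERGS');

declare @i int = 1, @cid nchar(10);
while @i <= 5
begin
    select @cid = cid from @ids where id = @i;
    -- the value is a parameter, so the text (and therefore the plan) is identical each time
    exec sp_executesql @stmt, N'@cid nchar(10)', @cid;
    set @i += 1;
end

-- On a cache that did not already hold this statement, this shows one
-- 'Prepared' entry with usecounts = 5. Had the five values been concatenated
-- into the text instead, there would be five 'Adhoc' entries with usecounts = 1.
select cp.cacheobjtype, cp.objtype, cp.usecounts, cp.refcounts, cp.size_in_bytes, st.text
from sys.dm_exec_cached_plans cp
cross apply sys.dm_exec_sql_text(cp.plan_handle) st
where st.text like N'%from Orders where CustomerID = @cid%'
  and st.text not like N'%dm_exec_cached_plans%';   -- exclude this query itself
```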

ASP.NET part

- Use ViewState( ) to keep track of the page number and the maximum number of pages.
- You can't pick up the output parameter until the DataReader has been closed.

Questions