Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic SQL: Writing Efficient Queries on the Fly

Published byOwen Parker Modified over 6 years ago

Similar presentations

Presentation on theme: "Dynamic SQL: Writing Efficient Queries on the Fly"— Presentation transcript:

1 Dynamic SQL: Writing Efficient Queries on the Fly
Ed Pollack Sr. Database Administrator Autotask

2 Available Now! Dynamic SQL: Applications, Performance, and Security:

3 Agenda Increasing flexibility and performance via dynamic SQL!
What is dynamic SQL? Basic dynamic SQL tips & tricks List Generation Sp_executesql SQL injection Saving output Lots of applications and examples!!! Conclusion

4 What is Dynamic SQL? Build TSQL query using a custom-built string.
Can incorporate variables, parameters, and table data. Dynamic SQL queries can be built over the course of many statements. Any string or data manipulation functions can be used. Once built, the dynamic SQL statement is executed like a stored proc. Quick Demo: Dynamic SQL basics.

5 Pros & Cons of Dynamic SQL
Great for optional or custom searches. Allow for dynamic WHERE, GROUP BY, HAVING, TOP, ORDER BY, etc… Can speed up complex queries where only some logic is needed. Can generate large amounts of TSQL quickly & efficiently. Can easily execute TSQL across many databases or servers. When not well-written, can be very messy & hard to follow. Manage delimiters correctly, or risk SQL injection. Permissions are different than standard SQL. Unexpected input may lead to unexpected output All dynamic SQL within quotes compiles correctly…but… Not allowed in functions.

6 Basic Tips for Better Dynamic SQL
Document thoroughly! Debugging: Use PRINT instead of EXEC to preview text before executing. Test all input use cases thoroughly. ESPECIALLY unexpected input! Break up large procs into smaller bite-size chunks. Write dynamic SQL like regular TSQL with similar spacing, indenting, etc… Always verify spacing between variables, text, and TSQL command strings. NVARCHAR vs. VARCHAR (use the correct one!) Demo: Good dynamic SQL style.

7 Efficiently Generating Lists
Dynamic SQL can be used to quickly build lists from variables or tables. Extremely performant versus other methods such as: Iteration (WHILE, CURSOR, etc…) XML Piecemeal/stick-built methods Export…import Demo: Efficiently generating lists from table data

8 sp_executesql System stored proc that allows for easy execution of dynamic SQL. Requires use of NVARCHAR for command string. Accepts parameters for both inputs and outputs. Allows for execution plan reuse (if desired). Demo: sp_executesql

9 SQL Injection Demo: SQL Injection
The use (accidental or sinister) of delimiters to break dynamic SQL queries. Replacing quotes with double-quotes is a common solution, but not good enough! Limit security to those that need access, and only to the objects they need. Always use sp_executesql when executing command strings. Never expose error messages to the end user! Use QUOTENAME for database objects to ensure they are not manipulated Add schema name to all referenced objects (whether dbo or otherwise).

10 Saving Output The results of a dynamic SQL select statement can be inserted into a table. Parameters can be altered when configured with the OUTPUT keyword. Temporary tables are available within dynamic SQL for read/write. Table variables and scalar variables are NOT accessible within dynamic SQL by default. Demo: Saving dynamic SQL output

11 Demo: FIND! Dynamic SQL can be used to generate TSQL from system views. This allows SQL Server metadata to be very efficiently queried. We can use this data as an effective search solution for an entire SQL server! Demo: FIND!

12 Demo: Dynamic Pivot PIVOT allows a row set to be flipped into column headers. The column names must be predefined, though! Dynamic SQL allows for an ad-hoc column list. Demo: The crazy dynamic pivot!

13 Demo: Generating Schema
Dynamic SQL can be used to build, alter, or drop schema. Configuration tables can be used to control these actions. Removes business logic from schema into metadata. Allows a large amount of schema changes with simple control scripts. Demo: Generating data warehouse dimension tables.

14 Demo: Mapping FK Relationships
Foreign keys can be used to recursively map database relationships. This is useful for research and understanding relational models. If foreign keys are not used, a database dictionary can be used instead. Demo: Mapping foreign key relationships.

15 Demo: Database Maintenance
Iterating through databases, server objects, or database objects can allow for efficient database maintenance in areas such as: Backups Index maintenance MSDB maintenance Replication maintenance Demo: Database maintenance using dynamic SQL.

16 Conclusion Dynamic SQL can accomplish tasks that are difficult or impossible otherwise. Only use dynamic SQL when needed. Always cleanse inputs as needed by your applications. Always validate security/access and ensure it is as minimal as possible. Be a super-duper-neat-freak! Document like your life depends on it! Be creative! Dynamic SQL can elegantly solve many complex problems.

17 Questions???

18 Contact Info & Links Ed SQL Shack SQL Server Central SQL Saturday Albany (July 29, UAlbany) Thank you!!!

Download ppt "Dynamic SQL: Writing Efficient Queries on the Fly"

Similar presentations

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.
ERWin Template Overview By: Dave Wentzel. Agenda u Overview of Templates/Macros u Template editor u Available templates u Independent column browser u.

ERWin Template Overview By: Dave Wentzel. Agenda u Overview of Templates/Macros u Template editor u Available templates u Independent column browser u.
Chapter 7 Managing Data Sources. ASP.NET 2.0, Third Edition2.

Chapter 7 Managing Data Sources. ASP.NET 2.0, Third Edition2.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
1 Chapter Overview Transferring and Transforming Data Introducing Microsoft Data Transformation Services (DTS) Transferring and Transforming Data with.

1 Chapter Overview Transferring and Transforming Data Introducing Microsoft Data Transformation Services (DTS) Transferring and Transforming Data with.
Copying, Managing, and Transforming Data With DTS.

Copying, Managing, and Transforming Data With DTS.
Object Oriented Databases by Adam Stevenson. Object Databases Became commercially popular in mid 1990’s Became commercially popular in mid 1990’s You.

Object Oriented Databases by Adam Stevenson. Object Databases Became commercially popular in mid 1990’s Became commercially popular in mid 1990’s You.
ASP.NET Programming with C# and SQL Server First Edition

ASP.NET Programming with C# and SQL Server First Edition
IMS 4212: Application Architecture and Intro to Stored Procedures 1 Dr. Lawrence West, Management Dept., University of Central Florida

IMS 4212: Application Architecture and Intro to Stored Procedures 1 Dr. Lawrence West, Management Dept., University of Central Florida
Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.

Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.
Architecture Rajesh. Components of Database Engine.

Architecture Rajesh. Components of Database Engine.
Module 9 Designing and Implementing Stored Procedures.

Module 9 Designing and Implementing Stored Procedures.
By: Matt Batalon, MCITP  Another form of temporary storage that can be queried or joined against, much like a table variable, temp.

By: Matt Batalon, MCITP  Another form of temporary storage that can be queried or joined against, much like a table variable, temp.
Database Design and Management CPTG 424. 10/23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,
PL/SQLPL/SQL Oracle10g Developer: PL/SQL Programming Chapter 9 Database Triggers.

PL/SQLPL/SQL Oracle10g Developer: PL/SQL Programming Chapter 9 Database Triggers.
Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Search Overview Search Features: WSS and Office Search Architecture Content Sources and.

Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Search Overview Search Features: WSS and Office Search Architecture Content Sources and.
Copyright © 2003 ProsoftTraining. All rights reserved. Perl Fundamentals.

Copyright © 2003 ProsoftTraining. All rights reserved. Perl Fundamentals.
Slide 1 of 19Session 13 Ver. 1.0 Querying and Managing Data Using SQL Server 2005 In this session, you will learn to: Implement stored procedures Implement.

Slide 1 of 19Session 13 Ver. 1.0 Querying and Managing Data Using SQL Server 2005 In this session, you will learn to: Implement stored procedures Implement.
Learningcomputer.com SQL Server 2008 –Views, Functions and Stored Procedures.

Learningcomputer.com SQL Server 2008 –Views, Functions and Stored Procedures.
A Guide to SQL, Eighth Edition Chapter Six Updating Data.

A Guide to SQL, Eighth Edition Chapter Six Updating Data.

Similar presentations

Ads by Google