How to Share Data Between Stored Procedures [closed] - sql

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
There were a number of questions related to sharing data results of one stored procedure in another in MS SqlServer.
Depending of the version of SQL Server people would suggest using temporary tables, xml (SQLServer 2005) or table variables (SQL Server 2008).
There is a great article written by Erland Sommarskog that provides comprehensive answer and list all options available in different versions of SQL:
How to Share Data Between Stored Procedures
I thought it was worth sharing.
I came across that article when reading an answer by deevus suggesting the use of INSERT-EXEC Statement, something that I was not really familiar with before

There is a great article written by Erland Sommarskog that provides the comprehensive answer and list all options available in different versions of SQL:
How to Share Data Between Stored Procedures
This article tackles two related
questions:
How can I use the result set from one
stored procedure in another, also
expressed as How can I use the result
set from a stored procedure in a
SELECT statement?
How can I pass a
table as a parameter from one stored
procedure to another?
In this article
I will discuss a number of methods,
and also point out their advantages
and drawbacks. Some of the methods
apply only when you want to reuse a
result set, whereas others apply in
both situations. In the case you want
to reuse a result set, most methods
require you to rewrite the stored
procedure in one way or another, but
there are some methods that do not.

Related

Suggestion needed regarding performance of stored procedure [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
We have an application which needs to write data to a particular table in oracle DBMS. But before writing to the table it do certain manipulation on the data it writes.
We are now planning to take this 'manipulation of data' out of the application and delegate this responsibility to a stored procedure in ORACLE DBMS. Their procedure, on other hand, will take help of different in-built and explicitly written functions to do its job.
Now my concern is how efficient is the 'procedure run' in ORACLE DBMS. I am supposing Oracle will invoke different functions call from the stored procedure in an in-line fashion, or otherwise , but will definitely not make those calls as part of some child process, which will otherwise give a big hit to the performance of this stored-procedure.
Note:This procedure will be called through-out the day, with hundreds of thousand of row to be updated. This make the performance of this stored-procedure very crucial for the application.
Can you comment on the performance of the stored procedure in general as compared to when manipulation is part of an application.
EDIT:
Manipulation is as simple as taking few values out from a map, collating them together and update them in a particular column of a table.
Many Thanks,
Mawia
The PL/SQL code will access data with lower latency than the application, and you're unlikely to have a problem If you follow good practice's. Do as much as possible in SQL, and use implicit cursors instead of explicit cursors.

Keeping clear of SQL injections [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
If I make sure only alpha-numerical characters are used in queries I should be free of any SQL injections, right?
SQL Injection Prevention CheatSheet
Bullet points:
Defense Option 1: Prepared Statements (Parameterized Queries)
...how all developers should first be taught how to write database queries.
Defense Option 2: Stored Procedures
...when implemented safely.
Defense Option 3: Escaping All User Supplied Input
...frail compared to using parameterized queries.
It's pretty difficult to write a useful query with only alpha-numeric characters. Use paramterized queries, don't look for a non-shortcut shortcut.
Technically, that's probably correct, since it would block using -- or similar trickery. Most platforms these days have much more robust methods for properly escaping input and keeping it from affecting the database in unintended ways, however.

What is the purpose of Table Hints in SQL Server? [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
What is the purpose of table hints in SQL Server like NOLOCK and READUNCOMMITTED?
Please explain this with example.
Also why can't they be specified for tables modified by INSERT, UPDATE, or DELETE operations?
They allow you to set transaction isolation level on a table-by-table basis instead of for the entire query or connection.
They can also be used to trigger some features like minimal logging (use TABLOCK with the right trace flags set on an INSERT and it can be minimally logged).
As a rule it's a better idea to use connection-level settings.
As the commentor pointed out, Books Online has an excellent description (and samples) of Table Hints, including which hints can be used for which operations.
http://msdn.microsoft.com/en-us/library/ms187373.aspx
There is also a big fat caveat at the top of the page, which often goes unnoticed:
Caution Because the SQL Server query optimizer typically selects the
best execution plan for a query, we recommend that hints be used only
as a last resort by experienced developers and database
administrators.
While the accuracy of the optimizer in choosing the best plan can be debatable, the latter half of the warning is certainly true; don't use Table Hints unless you are sure that you need them, and that assurance typically only comes with experience.

Stored Procedure Tuning [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have a big stored procedure, which runs for 2-3 secs at 100% CPU. Its not a big deal, if the SP runs once for a while, however this particular SP runs every second. so you can understand the total processor usage in a minute and through-out the day.
This stored procedure contains lots of queries, temporary tables, one or two cursors and some dynamic queries.
what will the best possible solution to tune-up my SP, and different ways to do that.
What are the points we need to remember while writing an SP in general?
Please Help...
To tune up your stored procedure you need to address each query and process contained within it individually. Make sure that your indexes are set correctly and check whether your approach with the temp tables and dynamic SQL is appropriate. Also make sure that you're not abusing other stored procs and views that may have been designed to be used directly rather than as cogs in a larger process.
It is difficult to make more suggestions but, from your description on what is entailed in the stored procedure and how often it runs, it sounds like this is a key process in your system and the data involved a likely candidate for denormalization. If you denormalize the data then you would rewrite the stored proc to query that part of the database to get better performance.

What is SQL injection [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
I want to know about SQL injection.
So, please help me.
Lots of information about SQL Injection on wikipedia, and xkcd has a very good example as well.
In general, if your application is using a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.
The best preventative measures are to never construct SQL strings without cleaning them up - the best way to do this is to use parameterized queries and widely used data access libraries.
Start here: google "sql injection".
You will see that there is plenty to read about it.
If you want to protect yourself against sql injection, you have to be a bit more specific, as the exact methods differ depending on the database and on the platform using the database.
It is the technique to manipulate the input to control your sql. Read more here is better for you
Attacks by Example
Wiki
Couple of places to get started:
OWASP: Lots of principals on secure web app design. Check the first entry of the Top 10 on injection
Injection for .NET developers: Details on what it is and how to protect against it if you're working with .NET.
It allow a attacker to tamper with existing data, destroy the data or make it otherwise unavailable, and in short become administrators of the database server...
This attack involves injecting SQL commands in the query input thus effecting predefined SQL commands exection.