ado_dotnet thread: RE: dynamic vs static sql


Message #1 by "DT-Rene Vazquez" <renevazquez@c...> on Fri, 7 Mar 2003 10:28:58 -0500
Hi, can you give me some direction in how to prevent sql injection?

-----Original Message-----
From: Kevin Ayers [mailto:kevin@f...]
Sent: Friday, February 28, 2003 11:19 AM
To: ADO.NET
Subject: [ado_dotnet] RE: dynamic vs static sql

If you're referring to placing sql commands in the search criteria, then yes,
those are already covered pretty well.

Kevin

----- Original Message -----
From: "Brian Smith" <bsmith@l...>
To: "ADO.NET" <ado_dotnet@p...>
Sent: Friday, February 28, 2003 10:56 AM
Subject: [ado_dotnet] RE: dynamic vs static sql


> I hope you're protecting yourself from SQL injection attacks...:-)
>
> brian
>
> -----Original Message-----
> From: Kevin Ayers [mailto:kevin@f...]
> Sent: Fri, 28 Feb 2003 13:57
> To: ADO.NET
> Subject: [ado_dotnet] RE: dynamic vs static sql
>
>
> We are doing a mixed approach.  For the most part we will be using static
> sql sp's for individual record's updates, deletes, and full record
> selection (getting all the records, not just a few for display).  We
> will be using a dynamic sql sp for most of our browse table style
> controls.  We're doing this because there are many, many different
> browse tables and they must be searchable and very modifiable and
> dynamic sql is the only viable way of doing this w/o tons of sp's and a
> support nightmare.
>
> Kevin
>
> ----- Original Message -----
> From: "Rahul Singh" <rahul.singh@a...>
> To: "ADO.NET" <ado_dotnet@p...>
> Sent: Friday, February 28, 2003 7:21 AM
> Subject: [ado_dotnet] RE: dynamic vs static sql
>
>
> > Actually some dynamic SQL will help you if you are making a lot of
> > similar queries on different tables, not just parameter based
> > searches.
> >
> > Your greatest challenge will be designing the DAL so it can be
> > scalable and updatable easily.
> >
> >
> > -----Original Message-----
> > From: Alex Smotritsky [mailto:alex.smotritsky@v...]
> > Sent: Tuesday, February 25, 2003 10:39 PM
> > To: ADO.NET
> > Subject: [ado_dotnet] RE: dynamic vs static sql
> >
> > I think dynamic sql will increase the complexity of problems you'll
> > have to deal with down the road.
> >
> > The only situation I know of where dynamic sql is generally preferable
> > is when you need to let people do parameter based searches.
> >
> >
> > -----Original Message-----
> > From: Kevin Ayers [mailto:kevin@f...]
> > Sent: Tuesday, February 25, 2003 4:56 PM
> > To: ADO.NET
> > Subject: [ado_dotnet] dynamic vs static sql
> >
> >
> > OK, the application I'm writing has 50+ tables and some of the tables
> > have 200+ fields (government standard, not my choice -- it's about as
> > denormalized as is possible).  We will be distributing this database and
> > our application on hundreds of machines and I'm worried that writing
> > stored procedures for every insert, update, and delete for each of
> > these tables and maintaining them over the course of years is going to
> > be extremely difficult (the standards change all the time, an extra
> > field here, modify this here, etc). I'm thinking of taking the hit in
> > performance and writing 1 stored procedure (for insert, update, or
> > delete) that will dynamically build the corresponding statement and
> > only worry about changing the tables/fields. Does anybody know of a
> > better way? Performance is important, but it's not essential to squeeze
> > the database for everything it's worth.  The current iteration of our
> > program (which isn't written in .NET) is horribly inefficient and the
> > sp that I made to dynamically build the datagrids to display the data
> > is a couple of orders of magnitude better in performance than it.
> >
> > Thanks,
> > Kevin
> >
> >
> > ===
> > Fast Track ADO.NET with C# is a concise introduction to the concepts,
> > techniques, and libraries that you will need in order to start using
> > ADO.NET in your applications. The book covers DataSets and Typed
> > DataSets, accessing data using DataReaders and DataAdaptors, the close
> > relationship between ADO.NET and XML, how and where to use ADO.NET in
> > your enterprise applications, and how to use Web Services and ADO.NET
> > to easily pass data between applications.
> > http://www.wrox.com/books/1861007604.htm
> > ---
> > Change your mail options at http://p2p.wrox.com/manager.asp or to
> > unsubscribe send a blank email to
Message #2 by "Kevin Ayers" <kevin@f...> on Mon, 10 Mar 2003 11:27:18 -0500
http://www.devarticles.com/art/1/138/4

someone sent me the site earlier this month on another mailing list :-)

Kevin
----- Original Message -----
From: "DT-Rene Vazquez" <renevazquez@c...>
To: "ADO.NET" <ado_dotnet@p...>
Sent: Friday, March 07, 2003 10:28 AM
Subject: [ado_dotnet] RE: dynamic vs static sql


Hi, can you give me some direction in how to prevent sql injection?

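Added example, not part of the original thread or of the linked article: one way to write the kind of dynamic-SQL search procedure described above for browse tables so that user input cannot change the statement. The procedure name, its parameters and the sample table are hypothetical; it assumes SQL Server and tables in the dbo schema.

```sql
-- Hypothetical procedure: searches one column of one browse table.
CREATE PROCEDURE dbo.BrowseSearch
    @TableName   sysname,
    @ColumnName  sysname,
    @SearchValue nvarchar(200)
AS
BEGIN
    SET NOCOUNT ON;

    -- Unsafe form, shown only for contrast: every input becomes SQL text.
    -- SET @sql = N'SELECT * FROM ' + @TableName + N' WHERE ' + @ColumnName
    --          + N' LIKE ''' + @SearchValue + N'''';

    -- 1. Identifiers cannot be passed as parameters, so check them against
    --    the catalog. Anything that is not an existing column of an
    --    existing dbo table is rejected before any SQL text is built.
    IF NOT EXISTS (
        SELECT 1
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_SCHEMA = N'dbo'
          AND TABLE_NAME   = @TableName
          AND COLUMN_NAME  = @ColumnName
    )
    BEGIN
        RAISERROR(N'Unknown table or column.', 16, 1);
        RETURN 1;
    END;

    -- 2. QUOTENAME brackets the validated names and doubles any ] inside
    --    them, so they can only be parsed as identifiers.
    DECLARE @sql nvarchar(4000);
    SET @sql = N'SELECT * FROM dbo.' + QUOTENAME(@TableName)
             + N' WHERE ' + QUOTENAME(@ColumnName) + N' LIKE @val';

    -- 3. The search text is never concatenated. It is bound as a typed
    --    parameter of sp_executesql and is treated as data only.
    EXEC sp_executesql @sql, N'@val nvarchar(200)', @val = @SearchValue;
    RETURN 0;
END;
GO

-- Constructed sample call; the table and column names are placeholders.
EXEC dbo.BrowseSearch
     @TableName = N'Customers',
     @ColumnName = N'LastName',
     @SearchValue = N'O''Brien%';
```

From ADO.NET the procedure is called with `CommandType.StoredProcedure` and the three values added to `SqlCommand.Parameters`, so no SQL text is assembled on the client either.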