Defensive Database Programming - Red Gate Software

More documents

Recommendations

Info

Chapter 2: Code Vulnerabilities due to SQL Server MisconceptionsIn Chapter 3, we will discuss the dangers of using SELECT, rather than SET, to assign avariable when multiple rows can be returned, and how use of the latter can make yourcode much more resilient to changes to the underlying schema objects.Specify ORDER BY if you need ordered dataIf your query does not have an ORDER BY clause, the data can be returned in any order.This may sound trivial, but all too many developers who are new to SQL assume that thedata has some "natural" or "default" order. This is simply not true; there is no such thingas default or natural order.To demonstrate this fact, I have chosen to use a really wide table; a table with just a fewrows on every page.CREATE TABLE dbo.WideTable(ID INT NOT NULL ,RandomInt INT NOT NULL ,CharFiller CHAR(1000) NULL ,CONSTRAINT PK_WideTable PRIMARY KEY ( ID )) ;Listing 2-20: Creating a wide table.Also, let us make sure that the table is big enough (100K rows), so that it is stored onmany pages. As such, the script in Listing 2-21 may take some time to run.SET NOCOUNT ON ;DECLARE @ID INT ;SET NOCOUNT ON ;SET @ID = 1 ;WHILE @ID < 100000BEGIN ;INSERT INTO dbo.WideTable( ID, RandomInt, CharFiller )72
Chapter 2: Code Vulnerabilities due to SQL Server MisconceptionsSELECT @ID ,RAND() * 1000000 ,'asdf' ;GOSET @ID = @ID + 1 ;END ;Listing 2-21: Adding 100K rows to the wide table.If we select the data from this table, without providing an ORDER BY clause, the datamay be retrieved in the order in which it was inserted, as was the case when I ran thequery shown in Listing 2-22 on my server.SELECT TOP ( 1000 )IDFROM dbo.WideTable ;ID-----------12345(snip)Listing 2-22: Without an ORDER BY clause, the rows are returned in the order theywere inserted.However, there is no guarantee that this script will work on your server in exactly thesame way that it did on mine. Many people assume that, in the absence of an ORDER BYclause, the data will be returned "in the order of the primary key," or "in the order of theclustering index," or "in the order it was inserted." None of these assumptions is correct.Listing 2-23 demonstrates that after we have added a non-clustered index, the result ofour query is different.73
Page 5 and 6:
Chapter 2: Code Vulnerabilities due
Page 7 and 8:
Enforcing Data Integrity in the App
Page 9 and 10:
About the AuthorAlex Kuznetsov has
Page 11 and 12:
IntroductionResilient T-SQL code is
Page 13 and 14:
IntroductionCh. 02: Code Vulnerabil
Page 15 and 16:
IntroductionSpecific examples demon
Page 17:
IntroductionWhat this book does not
Page 21 and 22: Chapter 1: Basic Defensive Database
Page 57 and 58: Chapter 2: Code Vulnerabilitiesdue
Page 59 and 60: Chapter 2: Code Vulnerabilities due
Page 71: Chapter 2: Code Vulnerabilities due
Page 75: Chapter 2: Code Vulnerabilities due
Page 78 and 79: Chapter 3: Surviving Changes to Dat
Page 104 and 105: 104
Page 106: Chapter 4: When Upgrading Breaks Co
Page 109 and 110: Chapter 4: When Upgrading Breaks Co
Page 123 and 124:
Chapter 4: When Upgrading Breaks Co
Page 125 and 126:
Page 127 and 128:
Page 130 and 131:
Page 132 and 133:
Chapter 5: Reusing T-SQL CodeThe Da
Page 134 and 135:
Chapter 5: Reusing T-SQL CodeIt is
Page 136 and 137:
Chapter 5: Reusing T-SQL CodeAverag
Page 138 and 139:
Chapter 5: Reusing T-SQL CodeBEGINS
Page 140 and 141:
Chapter 5: Reusing T-SQL CodeWe als
Page 142 and 143:
Chapter 5: Reusing T-SQL CodeLet's
Page 144 and 145:
Chapter 5: Reusing T-SQL CodeStateC
Page 146 and 147:
Chapter 5: Reusing T-SQL CodeStateC
Page 148 and 149:
Chapter 5: Reusing T-SQL CodeBEGIN
Page 150 and 151:
Chapter 5: Reusing T-SQL CodeSELECT
Page 152 and 153:
Chapter 5: Reusing T-SQL CodeReusin
Page 154 and 155:
Chapter 5: Reusing T-SQL CodeIt is
Page 156 and 157:
Chapter 5: Reusing T-SQL CodeINSERT
Page 158 and 159:
Chapter 5: Reusing T-SQL CodeListin
Page 160 and 161:
Chapter 5: Reusing T-SQL CodeUnique
Page 162 and 163:
162
Page 164 and 165:
Chapter 6: Common Problems with Dat
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Chapter 7: Advanced Use ofConstrain
Page 211 and 212:
Chapter 7: Advanced Use of Constrai
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Chapter 8: Defensive ErrorHandlingT
Page 257 and 258:
Chapter 8: Defensive Error Handling
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
show all

Defensive Database Programming - Red Gate Software

Create successful ePaper yourself

Delete template?

Save as template?