Defensive Database Programming - Red Gate Software

More documents

Recommendations

Info

Chapter 3: Surviving Changes to <strong>Database</strong> ObjectsBarcodeNumItems---------------------------------------123456 0123654 0Listing 3-19: The query works differently when a Barcode column is added tothe ShipmentItems table.We do not get any error messages; our query continues to work but silently changes itsbehavior. With the addition of the Barcode column to the ShipmentItems table, ourquery is interpreted quite differently. Now, for every shipment, it selects its barcodefollowed by the number of ShipmentItems whose Barcode value matches theirShipmentBarcode value. In other words, the correlated subquery becomesuncorrelated; the WHERE clause of the inner query no longer uses a value from theouter query.It takes just a few moments to properly qualify all the column names in our query,and the improved query will continue to work correctly even after the addition of theBarcode column to our ShipmentItems table, as shown in Listing 3-20.SELECT s.Barcode ,( SELECT COUNT(*)FROM dbo.ShipmentItems AS iWHERE i.ShipmentBarcode = s.Barcode) AS NumItemsFROM dbo.Shipments AS s ;BarcodeNumItems---------------------------------------123456 2123654 0Listing 3-20: Qualified column names lead to more robust code.As I hope this example proves, qualifying column names improves the robustness ofour queries. The same technique also ensures that you get an error, instead of incorrectresults, when a column is removed or when a column name is misspelled. For example,94
Chapter 3: Surviving Changes to <strong>Database</strong> Objectsconsider the case of an uncorrelated subquery that becomes correlated because acolumn from a table in the subquery is removed (or misspelled in the query), buthappens to match a column in the outer query. Many developers forget that the parserwill look in the outer query if it fails to find a match in the inner query.Handling changes in nullability: NOT IN versusNOT EXISTSQueries with NOT IN have a well known vulnerability. They do not work as aninexperienced database programmer might expect, if the subquery contained in theNOT IN clause returns at least one NULL. This is easy to demonstrate. In Listing 3-21,we recreate our ShipmentItems table with a Barcode column that does notaccept NULLs, and then insert some fresh data. We then execute a query that usesthe NOT IN clause.DROP TABLE dbo.ShipmentItems ;GOCREATE TABLE dbo.ShipmentItems(ShipmentBarcode VARCHAR(30) NOT NULL ,Description VARCHAR(100) NULL ,Barcode VARCHAR(30) NOT NULL) ;GOINSERT INTO dbo.ShipmentItems( ShipmentBarcode ,Barcode ,Description)SELECT '123456' ,'1010203' ,'Some cool widget'UNION ALL95
Page 5 and 6:
Chapter 2: Code Vulnerabilities due
Page 7 and 8:
Enforcing Data Integrity in the App
Page 9 and 10:
About the AuthorAlex Kuznetsov has
Page 11 and 12:
IntroductionResilient T-SQL code is
Page 13 and 14:
IntroductionCh. 02: Code Vulnerabil
Page 15 and 16:
IntroductionSpecific examples demon
Page 17:
IntroductionWhat this book does not
Page 21 and 22:
Chapter 1: Basic Defensive Database
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45: Chapter 1: Basic Defensive Database
Page 57 and 58: Chapter 2: Code Vulnerabilitiesdue
Page 59 and 60: Chapter 2: Code Vulnerabilities due
Page 75: Chapter 2: Code Vulnerabilities due
Page 78 and 79: Chapter 3: Surviving Changes to Dat
Page 104 and 105: 104
Page 106: Chapter 4: When Upgrading Breaks Co
Page 109 and 110: Chapter 4: When Upgrading Breaks Co
Page 132 and 133: Chapter 5: Reusing T-SQL CodeThe Da
Page 134 and 135: Chapter 5: Reusing T-SQL CodeIt is
Page 136 and 137: Chapter 5: Reusing T-SQL CodeAverag
Page 138 and 139: Chapter 5: Reusing T-SQL CodeBEGINS
Page 140 and 141: Chapter 5: Reusing T-SQL CodeWe als
Page 142 and 143: Chapter 5: Reusing T-SQL CodeLet's
Page 144 and 145:
Chapter 5: Reusing T-SQL CodeStateC
Page 146 and 147:
Chapter 5: Reusing T-SQL CodeStateC
Page 148 and 149:
Chapter 5: Reusing T-SQL CodeBEGIN
Page 150 and 151:
Chapter 5: Reusing T-SQL CodeSELECT
Page 152 and 153:
Chapter 5: Reusing T-SQL CodeReusin
Page 154 and 155:
Chapter 5: Reusing T-SQL CodeIt is
Page 156 and 157:
Chapter 5: Reusing T-SQL CodeINSERT
Page 158 and 159:
Chapter 5: Reusing T-SQL CodeListin
Page 160 and 161:
Chapter 5: Reusing T-SQL CodeUnique
Page 162 and 163:
162
Page 164 and 165:
Chapter 6: Common Problems with Dat
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Chapter 7: Advanced Use ofConstrain
Page 211 and 212:
Chapter 7: Advanced Use of Constrai
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Chapter 8: Defensive ErrorHandlingT
Page 257 and 258:
Chapter 8: Defensive Error Handling
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
show all

Defensive Database Programming - Red Gate Software

Create successful ePaper yourself

Delete template?

Save as template?