Hi Michael

Message: 8
Date: Fri, 28 Jul 2006 09:56:23 -0400
From: Michael Babcock <[EMAIL PROTECTED]>
Subject: Re: [NF] Views in SQL Server
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=Big5

Man-wai CHANG wrote:
>> For those who integrate VFP with SQL Server...would you set up a SQL
>> Server view and then have a stored proc that returned the view, or would
>> you just write the SQL Select code into the stored proc and return
>> that?  I'm unfamiliar with how parameterized views work in SQL
>> Server...I'm hoping it's as easy as in Fox, but I doubt it will be.  ;-)
>>
>
> Some said stored procedures are more secure than allowing direct SQL
> statements.
>
>
I've heard that as well.


I had reason to run a test of SPs vs SQL. If the SP is doing the same
thing as a simple query, you're not going to gain anything by using
the SP. In my test the straight query was 2x faster.

An SP that does a lot of processing with direct access to multiple
other tables should be faster than a local procedure that extracts all
the relevant data before processing. That does not mean you can't mix
the two approaches. It's a myth that SPs are *always* faster.

As to security, first beware of SQL Injection Attacks. If you always
use parameterized SQL queries, the parameter contents cannot be used
for SIA. People think every ad-hoc query is open to SQL Injection
Attack. Parameterized ad-hoc queries are as safe as SPs and may be
faster. One can always create an SP that concatenates the parameter
contents into a string which is then executed, and you have SIA again
even with the SP.

If someone were somehow able to access your database at all and run a
query, they can just as easily run your SPs.

Mike
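The point Mike makes about concatenating SPs, shown in T-SQL as an added example (not code from the thread or from any poster); the table dbo.Customers and its columns are assumed for illustration:

```sql
-- Assumes a table dbo.Customers(CustomerID int, Name nvarchar(100), City nvarchar(50)).

-- 1. Dynamic SQL built by string concatenation: the parameter value becomes part
--    of the statement text, so a value containing a quote or a semicolon rewrites
--    the query. Wrapping this in a stored procedure does not make it safe.
CREATE PROCEDURE dbo.GetCustomersByCity_Unsafe
    @City nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT CustomerID, Name FROM dbo.Customers WHERE City = ''' + @City + N'''';
    EXEC (@sql);   -- @City is interpreted as SQL text, not as a bound value
END;
GO

-- 2. Static query inside the SP: the statement is fixed and @City is only ever
--    bound as data, which is the same guarantee a parameterized ad-hoc query gives.
CREATE PROCEDURE dbo.GetCustomersByCity
    @City nvarchar(50)
AS
BEGIN
    SELECT CustomerID, Name
    FROM dbo.Customers
    WHERE City = @City;
END;
GO

-- 3. Dynamic SQL that stays parameterized: when the statement must vary at run
--    time (here the sort column), build only the structure dynamically and pass
--    the values through sp_executesql instead of splicing them into the text.
CREATE PROCEDURE dbo.GetCustomersByCity_Dynamic
    @City nvarchar(50),
    @SortByName bit = 1
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, Name FROM dbo.Customers WHERE City = @City'
      + CASE WHEN @SortByName = 1 THEN N' ORDER BY Name' ELSE N' ORDER BY CustomerID' END;
    EXEC sp_executesql @sql, N'@City nvarchar(50)', @City = @City;
END;
GO
```

A parameterized ad-hoc query from a client driver is sent to SQL Server as an sp_executesql call with bound parameters, which is why it behaves like case 2 and 3 rather than case 1.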

