|
show the table name followed by the columns you have
sort of
insert into table1(name, firstname) values ('Smith','Fred')
where table 1 also contains the address etc
Hope this helps, but I suspect you need a book on SQL before going much further.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
I am trying to set dynamic field in the page header .
If the report has multiple pages, header(with the field) occurs while viewing the report.
But while exporting to PDF or Excel , header(with the field) comes on first page only. Other pages do not contain the header information.
Thanks in advance
|
|
|
|
|
hai.
currently i m using asp.net with c# (2.0 framework)
sql server 2000.
i need to convert row into column. (without using pivot table. since some days back i found a query to execute it in "google". but i missed the query)
for example...
ID - Name
101 - Rajesh
102 - Jay
103 - Karthick
104 - Vishnu
i need the output as...
ID - NAME - ID - NAME - ID - NAME - ID - NAME
101 Rajesh 102 Jay 103 Karthick 104 Vishnu
how to achieve it? help me - KARAN
|
|
|
|
|
Karan_TN wrote: (without using pivot table
The whole technique is pivoting - taking rows and turning them into columns is pivoting.
Karan_TN wrote: ID - NAME - ID - NAME - ID - NAME - ID - NAME
101 Rajesh 102 Jay 103 Karthick 104 Vishnu
What happens when you have 50,000 records? You cannot string them together in a single row, and if you could what use would it be?
I think you need to think about what you are trying to achieve and then decide how you need the data.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Thanks Bob.. You are right.
let me think upon some other way.
thanks for understanding
|
|
|
|
|
I've written a series of ASP and winform applications for a database my one of my company's software vendors built. The vendor puts user login credentials in the sql connection strings in order to authenticate users. Since the same database is to be used, I have to use the same authentication method to keep users from being confused with additional usernames/passwords to remember.
Other than an attacker appending Integrated Security=True to the end of the connection string. What security issues should I be concerned about with this method?
|
|
|
|
|
Make sure that the connecting user only have access to the bare minimum he requires.
Such as only execute on sprocs and not access to change the sprocs, or direct access to the underlying tables.
|
|
|
|
|
<sarcasm>HAHAHA!! Of COURSE all users have very as-needed access to the DB! Our software vendor's thought of that!</sarcasm>
Of course, with any of my tables I try to keep things restricted to stored procs that certain users have access to.
Thanks for pointing this out, though. I appreciate any response.
|
|
|
|
|
I would be concerned about storing user names and passwords as plain text.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
In the DB, the user credentials are stored in the syslogins table, so there's at least that bit of security.
In most of my user side applications, I've been known to use a 1-1 and onto encryption to store credentials. I've been known to be lazy at times, however.
Fortunately, no one at this company is familiar with memory editors much less CLR reflection.
Thanks for the input.
|
|
|
|
|
Keep this in mind for your web apps. It doesn't apply to desktop apps because pooling is rarely an issue there.
Pool Fragmentation Due to Integrated Security
Connections are pooled according to the connection string plus the user identity. Therefore, if you use Basic authentication or Windows Authentication on the Web site and an integrated security login, you get one pool per user. Although this improves the performance of subsequent database requests for a single user, that user cannot take advantage of connections made by other users. It also results in at least one connection per user to the database server. This is a side effect of a particular Web application architecture that developers must weigh against security and auditing requirements.
http://msdn.microsoft.com/en-us/library/8xx3tyca.aspx[^]
I can imagine the sinking feeling one would have after ordering my book,
only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
|
|
|
|
|
Hello all,
I want to write simle trigger in sql server for auto generate numbers. Can any one help me regarding this. and also want to know the Basic Structure of triggers in sql server 2005.Please help me regarding this.
Thanks
Rizana
|
|
|
|
|
|
|
Firstly, you don't need a trigger to auto generate numbers, have an identity column instead.
Secondly for the basic structure of a trigger try reading the help.
In fact, in light of your question, I suggest you read up on triggers before attempting to use them as you seem unclear about what they are for.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Hello Mr.bob,
i want to write trigger only, because i want to generate number with Preceeding alphabets like 'a001' 'b002' for taht only i need triggers usually in my graduation i wrote trigger in oracle 9 i. but i dont know with the sql server. any way thanks for your suggestion. can i get the above with out trigger Please let me Know.
Thanks
RRiiizzzz
|
|
|
|
|
What is the benifit i get using stored procedure instead of tables in my web application using asp.net with c#
|
|
|
|
|
harish.k12 wrote: What is the benifit i get using stored procedure instead of tables in my web application using asp.net with c#
Security - If you provide access to the stored procs only and revoke access directly to the tables.
Consistent interface with the database - If you update your table structure it can easily break any applications that rely on the old structure. With stored procedures you get to define exactly what inputs and outputs are meaning that if you change your table structure the only other changes needed are to stored procedures (also in the database) so your applications will never need to be updated and redeployed.
|
|
|
|
|
... and performance. I know dynamic sql queries now get the query plan cached, but for anything slightly complex a stored procedure will consistently outperform dynamic sql. You are also (or should be) moving lots less data around the network - consider the select statment for a table of 25 columns compared to a simple "up_getaccount @accountid= 'abc'"
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Ashfield wrote: and performance
Negligable these days... Also you can really screw up a sproc if it has a conditional statement with each path requiring a wildly different query plan. The first time the sproc is used it will cache the query plan. When it goes down the other path in subsequent calls it will be using an inefficient query plan.
|
|
|
|
|
Colin Angus Mackay wrote: if it has a conditional statement with each path requiring a wildly different query plan.
Should not be in the same proc then. Maybe have one main proc which checks the conditional variable and calls a further proc dependant on the value (which will then be properly optimised)
As for using stored procs, if you want more than a reasonably straight forward query there are far more opportunities for perfomance tuning in a proc than a piece of sql.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Ashfield wrote: Should not be in the same proc then.
Absolutely - But is it something most people will think about?
Ashfield wrote: there are far more opportunities for perfomance tuning in a proc than a piece of sql.
Really? Isn't a stored proc just "a piece of sql"?
|
|
|
|
|
Colin Angus Mackay wrote: Absolutely - But is it something most people will think about
Well, if people don't think about performance it's their own fault.
Colin Angus Mackay wrote: Really? Isn't a stored proc just "a piece of sql"?
I was, I thought rather obviously, talking about real world code, where you frequently do a bit more than select a few fields from a couple of tables. For example taking a transactioon file of 2 million records and generating positions - try getting decent performance in something like that without stored procs. However, if you prefer to live in the world of CP type questions and believe that everything can be done with a few selects thats up to you - those of us that produce code for a living know the pros and cons of different methods but are always open to suggestion.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Ashfield wrote: those of us that produce code for a living know the pros and cons of different methods but are always open to suggestion.
You don't sound very open to suggestion. It sounds like you are tying to insult me.
All I am saying is that a stored proc is just a piece of SQL. It happens to be stored in the database rather than have an application send it out. But, you can pack quite a lot in to a SqlCommand object if you have to. And if the SQL is highly changable I'm glad of that feature. It is, admittedly, not something I've put into production code, but if you need something quick, ad hoc, and throw away these features can be very useful.
Also, you can do just as much by sticking all the SQL into the SQL Command as you can by sticking the same SQL in a stored procedure. I also don't recommend doing that in a production environment. But those of us that produce code for a living know that sometimes you need something quick and dirty to get something going, such as a test environment or for a one time migration of data from one system to another.
At the end of the day you cannot simply say you have to use stored procedures for everything. You have to be open to the possibility that you can do the job with out them sometimes and it is acceptable to do so. You also have to know that they do make a lot of sense in many other scenarios.
|
|
|
|
|
Colin Angus Mackay wrote: You don't sound very open to suggestion. It sounds like you are tying to insult me.
Any insult was unintentional, I was merely trying to emphasise the difference between the college type of question we frequently get here on CP and the real world.
For a 'quick and dirty' we all do things we wouldn't put into production.
Colin Angus Mackay wrote: At the end of the day you cannot simply say you have to use stored procedures for everything.
As a long tme contractor, developing solutions in SQL, C#, VB.NET and ASP.NET, I have worked fr many clients (mostly blue chip financials), and the vast majority will not allow embedded sql, all database access is via stored procedures - for the very reason of change. Making a change to a stored procedure (which may then be replicated out) is far preferable and much quicker than co-ordinating an application roll out an to users worldwide for what may only be a one column change. As far as I am concerned embedding sql in a production strength application is an absolute no-no, but everyone to their own opinion.
Bob
Ashfield Consultants Ltd
|
|
|
|