Beauty is in the Eye of the Beholder
Posted Tuesday, September 19, 2006 7:23 AM
My pleasure Bryant! That's why I wrote the article. For all of our religious arguments, programming really isn't theology, it's a means to an end. If I get people to step back and question their assumptions (just to question, not to change), I would be very happy.
Post #309627
Posted Tuesday, September 19, 2006 7:34 AM
Good article. I agree that there are times when one has to use dynamic SQL. Further, in the many cases that I have used it, the run time even with the compile time has been faster than the optimized code that doesn't use it, usually where variables are needed in the join clauses.




Post #309630
Posted Tuesday, September 19, 2006 11:15 AM



I agree with Stephen too.  I also agree with you.

GOTO's served a purpose for a time but got misused and the misuse was what was actually bad.  Same thing for religion and guns.  Pizza and beer for that matter.  Anything can be misused and it is that misuse that is bad.

Then you people who elevate things to the level of religion (Object Oriented Programming, Non-dynamic SQL, Oracle, C++, etc.) and treat the rest of us like errant dogs.  We get told "Bad, bad." and swatted on the nose with a rolled up paper.  Usually it's a "white paper" that they are trying to get paid for writing.  Tisk, tisk, tisk.  How sad.

Stored procedures are fine things.  SQL Server implements them well.  The jury is still out on CLR integration in 2005.  As for VB, don't get me started.  I admit that I love it but nothing lower than VB-6.  Any project that gets re-written or major upgrade gets converted to 2005 instantly.  We write handheld apps, desktop apps, and services in VB 2005.  All high performance.  The key is "don't use the slow objects" unless nothing else will work.

Just like anything can be misused that same thing can also be used well.  Know the good and the bad.  Know when something is good or bad in the particular circumstances and then use something that you are paid for.  Your own good judgement.



ATB

Charles Kincaid

Post #309692
Posted Wednesday, October 25, 2006 12:06 PM
Dynamic SQL has given me the ability to convert 1000s of lines of old Sybase SQL code to 100s of lines of code that are lookup file/table driven.


Post #318036
Posted Wednesday, September 19, 2007 2:20 AM

As a programmer heavily involved in database development, I normally avoid dynamic SQL within any code, but I've used plenty of it within stored procedures, which seem to give you the best of both worlds.

Of course, the actual sin of dynamic SQL is passing in unverified text from the end user into the generated statement(s), as that's where injection occurs. If you simply generate the SQL within the stored proc (or wherever), based on a few options passed by the user, then all they can do is pick from a limited set of SQL statements that you've already made sure aren't going to break the system.

The only thing I'd say that's "BAD, BAD, BAD" is discounting any option or technique available, so that's why I agree with the article's basic sentiments.

Paul




Post #400214
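The pattern described in post #400214, sketched in T-SQL as an added example (not code posted by anyone in this thread): the caller's options only select between fragments fixed inside the procedure, and the one piece of free text is bound as a parameter through `sp_executesql`. The table `dbo.Orders`, the procedure `dbo.SearchOrders` and all parameter names are hypothetical.

```sql
-- Hypothetical table for the example (constructed, not from the thread).
CREATE TABLE dbo.Orders (
    OrderID      int IDENTITY PRIMARY KEY,
    CustomerName nvarchar(100) NOT NULL,
    OrderDate    datetime      NOT NULL,
    Total        money         NOT NULL
);
GO

CREATE PROCEDURE dbo.SearchOrders
    @CustomerName nvarchar(100),           -- free text from the end user
    @SortBy       varchar(20) = 'date',    -- option: 'date' | 'total' | 'customer'
    @Descending   bit = 0
AS
BEGIN
    SET NOCOUNT ON;

    -- The option is never concatenated; it only picks a name fixed here.
    DECLARE @col sysname;
    SET @col = CASE @SortBy
                   WHEN 'date'     THEN N'OrderDate'
                   WHEN 'total'    THEN N'Total'
                   WHEN 'customer' THEN N'CustomerName'
               END;                         -- anything else leaves @col NULL
    IF @col IS NULL
    BEGIN
        RAISERROR('Unknown @SortBy option.', 16, 1);
        RETURN 1;
    END;

    -- Only procedure-owned fragments are concatenated into the statement.
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT OrderID, CustomerName, OrderDate, Total
                 FROM dbo.Orders
                 WHERE CustomerName LIKE @name + N''%''
                 ORDER BY ' + QUOTENAME(@col)
             + CASE WHEN @Descending = 1 THEN N' DESC' ELSE N' ASC' END;

    -- User text travels as a bound parameter, so it is data, never SQL.
    EXEC sys.sp_executesql @sql, N'@name nvarchar(100)', @name = @CustomerName;
END;
GO

-- Constructed calls: the first treats the text as a LIKE operand only,
-- the second is rejected because the option is not one of the three allowed.
EXEC dbo.SearchOrders @CustomerName = N'x''; DROP TABLE dbo.Orders;--', @SortBy = 'total';
EXEC dbo.SearchOrders @CustomerName = N'A', @SortBy = 'Total; DROP TABLE dbo.Orders';
```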