Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Defensive Database Programming Expand / Collapse
Author
Message
Posted Wednesday, February 24, 2010 9:13 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Saturday, May 24, 2014 7:58 PM
Points: 219, Visits: 824
Comments posted to this topic are about the item Defensive Database Programming
Post #871993
Posted Wednesday, December 4, 2013 7:44 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, April 24, 2015 7:27 AM
Points: 342, Visits: 755
I noticed the examples in the book for creating a Numbers table. Of course they all work fine! I would like to contribute a variant that I happen to like. It depends on the (undocumented but heavily used) table master.dbo.spt_values, though any sufficiently-large table will do:

SELECT TOP <quantity desired> IDENTITY(int, 0,1) AS n 
INTO #Numbers
FROM master.dbo.spt_values v1, master.dbo.spt_values v2;

ALTER TABLE #Numbers ADD PRIMARY KEY CLUSTERED (n);

SELECT COUNT(*) from #Numbers;

This gave me 5503716 natural numbers to use on my SQL Server 2005 instance and 6290064 on my SQL Server 2008 R2 instance. I believe that it is also much faster than the while-loop approach. Since the table is populated using a cartesian product, one can rapidly build tables of any size, subject to disk space limitations of course. You can fill in <quantity desired> with the upper limit of the range you need.
Post #1519638
Posted Tuesday, August 5, 2014 8:48 AM


SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, April 21, 2015 7:07 AM
Points: 29, Visits: 161
I was reading Chapter 1 of your interesting book and was a bit puzzled by the solution to the Defending Against Cases of Unintended Use example. If you do not want people to use special SQL characters in the search string, why not just recode your stored procedure as a basic string comparison, like:
CREATE PROCEDURE dbo.SelectMessagesBySubjectBeginning_v2
@SubjectBeginning VARCHAR(30)
AS
SET NOCOUNT ON;
SELECT Subject, Body
FROM dbo.Messages WHERE LEFT(Subject, LEN(@SubjectBeginning)) = @SubjectBeginning;

which removes the problems with
LIKE

and works with searches on '[OT]' or '50%' which was one of the problem examples given?
When it comes to parameters in SQL or XSLT, the more strongly-typed the better, I would have thought. Primitive strings should be primitive strings without magical symbols.
If you wanted to provide variations on "starts-with" or "contains" or "all these words" or "exact phrase" or even "synonyms" then you could provide separate parameters. I am probably biased against wildcard searches, mind you, perhaps as they are associated in my mind with people messing about with non-atomic identifiers.
Post #1599762
Posted Monday, April 6, 2015 11:34 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, April 10, 2015 11:30 AM
Points: 6, Visits: 10
gbritton1 (12/4/2013)
I noticed the examples in the book for creating a Numbers table. Of course they all work fine! I would like to contribute a variant that I happen to like. It depends on the (undocumented but heavily used) table master.dbo.spt_values, though any sufficiently-large table will do:

SELECT TOP <quantity desired> IDENTITY(int, 0,1) AS n 
INTO #Numbers
FROM master.dbo.spt_values v1, master.dbo.spt_values v2;

ALTER TABLE #Numbers ADD PRIMARY KEY CLUSTERED (n);

SELECT COUNT(*) from #Numbers;

This gave me 5503716 natural numbers to use on my SQL Server 2005 instance and 6290064 on my SQL Server 2008 R2 instance. I believe that it is also much faster than the while-loop approach. Since the table is populated using a cartesian product, one can rapidly build tables of any size, subject to disk space limitations of course. You can fill in <quantity desired> with the upper limit of the range you need.


Indeed, this variant is faster than the one in the book. However, I would not use it for two reasons:

1. This method is based on system tables (undocumented spt_values). I also saw a variation of this method using sys.objects. I would not base my solution on anything which does not belong to my application and over which I do not have full control. For example: the content of these sys tables may change, the tables may not be valid anymore in new version of SQL, etc.

2. This method is still slow. It creates and populates #Numbers table very fast, but then it spends a lot of time to add PRIMARY KEY. If you want to play with IDENTITY, I would recommend the following approach:

CREATE TABLE Numbers (Number int identity(1,1) NOT NULL PRIMARY KEY, T bit NULL);

WITH
T1(T) AS (SELECT T FROM (VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10)) AS T(T)) --10 rows
,T2(T) AS (SELECT A.T FROM T1 AS A CROSS JOIN T1 AS B CROSS JOIN T1 AS C) --1,000 rows
,T3(T) AS (SELECT A.T FROM T2 AS A CROSS JOIN T2 AS B CROSS JOIN T2 AS C) --1,000,000,000 rows

INSERT INTO dbo.Numbers(T)
SELECT TOP <quantity desired> NULL
FROM T3;

ALTER TABLE Numbers
DROP COLUMN T;

However, if you really want to see the fastest method, here is the winner (according to my tests):

CREATE TABLE Numbers (Number int NOT NULL PRIMARY KEY);
DECLARE @RowsToCreate int = <quantity desired>;

--Code from a post by Itzik Ben-Gan
WITH
L0 AS(SELECT 1 AS C UNION ALL SELECT 1 AS O), -- 2 rows
L1 AS(SELECT 1 AS C FROM L0 AS A CROSS JOIN L0 AS B), -- 4 rows
L2 AS(SELECT 1 AS C FROM L1 AS A CROSS JOIN L1 AS B), -- 16 rows
L3 AS(SELECT 1 AS C FROM L2 AS A CROSS JOIN L2 AS B), -- 256 rows
L4 AS(SELECT 1 AS C FROM L3 AS A CROSS JOIN L3 AS B), -- 65,536 rows
L5 AS(SELECT 1 AS C FROM L4 AS A CROSS JOIN L4 AS B), -- 4,294,967,296 rows
Tally AS(SELECT ROW_NUMBER() OVER(ORDER BY C) AS Number FROM L5)
INSERT INTO Numbers (Number)
SELECT Number
FROM Tally
WHERE Number <= @RowsToCreate;

If you want to see more methods please check out this link: What is the best way to create and populate a numbers table?
Post #1674721
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse