Beauty is in the Eye of the Beholder


Stephen Hirsch
My pleasure Bryant! That's why I wrote the article. For all of our religious arguments, programming really isn't theology, it's a means to an end. If I get people to step back and question their assumptions (just to question, not to change), I would be very happy.
Clinton Herring
Good article. I agree that there are times when one has to use dynamic SQL. Further, in the many cases that I have used it, the run time even with the compile time has been faster than the optimized code that doesn't use it, usually where variables are needed in the join clauses.



Charles Kincaid

I agree with Stephen too. I also agree with you.

GOTO's served a purpose for a time but got misused and the misuse was what was actually bad. Same thing for religion and guns. Pizza and beer for that matter. Anything can be misused and it is that misuse that is bad.

Then you people who elevate things to the level of religion (Object Oriented Programming, Non-dynamic SQL, Oracle, C++, etc.) and treat the rest of us like errant dogs. We get told "Bad, bad." and swatted on the nose with a rolled up paper. Usually it's a "white paper" that they are trying to get paid for writing. Tisk, tisk, tisk. How sad.

Stored procedures are fine things. SQL Server implements them well. The jury is still out on CLR integration in 2005. As for VB, don't get me started. I admit that I love it but nothing lower than VB-6. Any project that gets re-written or major upgrade gets converted to 2005 instantly. We write handheld apps, desktop apps, and services in VB 2005. All high performance. The key is "don't use the slow objects" unless nothing else will work.

Just like anything can be misused that same thing can also be used well. Know the good and the bad. Know when something is good or bad in the particular circumstances and then use something that you are paid for. Your own good judgement.



ATB
Charles Kincaid
pamarant
Dynamic SQL has given me the ability to convert 1000s of lines of old Sybase SQL code to 100s of lines of code that are lookup file/table driven.



Paul.

As a programmer heavily involved in database development, I normally avoid dynamic SQL within any code, but I've used plenty of it within stored procedures, which seem to give you the best of both worlds.

Of course, the actual sin of dynamic SQL is passing in un-verified text from the end user into the generated statement(s), as that's where injection occurs. If you simply generate the SQL within the stored proc, (or wherever), based on a few options passed by the user, then all they can do is pick from a limited set of SQL statements that you've already made sure aren't going to break the system.

The only thing I'd say that's "BAD, BAD, BAD" is discounting any option or technique available, so that's why I agree with the article's basic sentiments.

Paul
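
The pattern described in the post above, sketched in T-SQL as an added example (not code from the thread or the article): the caller selects from a fixed set of options, every piece of statement text is a literal inside the procedure, and user-supplied values travel only as sp_executesql parameters. The table dbo.Orders, its columns, and the procedure name dbo.SearchOrders are hypothetical.

```sql
-- Hypothetical table and procedure names, used only for illustration.
CREATE TABLE dbo.Orders (
    OrderID     int          NOT NULL PRIMARY KEY,
    CustomerID  int          NOT NULL,
    OrderDate   datetime     NOT NULL,
    Status      varchar(20)  NOT NULL,
    TotalDue    money        NOT NULL
);
GO

CREATE PROCEDURE dbo.SearchOrders
    @SortOption  tinyint     = 1,     -- caller picks a number, never a column name
    @Descending  bit         = 0,
    @Status      varchar(20) = NULL,  -- optional filter value
    @CustomerID  int         = NULL   -- optional filter value
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @sql nvarchar(max), @orderBy nvarchar(100);

    -- Every fragment that can reach the statement text is a literal written here.
    SET @orderBy = CASE @SortOption
                       WHEN 1 THEN N'OrderDate'
                       WHEN 2 THEN N'TotalDue'
                       WHEN 3 THEN N'CustomerID'
                   END;
    IF @orderBy IS NULL   -- option outside the allowed set: refuse, do not guess
    BEGIN
        RAISERROR('Unknown sort option.', 16, 1);
        RETURN;
    END;

    SET @sql = N'SELECT OrderID, CustomerID, OrderDate, Status, TotalDue
                 FROM dbo.Orders WHERE 1 = 1';

    -- Optional predicates are added as fixed text; the values stay parameters.
    IF @Status IS NOT NULL     SET @sql = @sql + N' AND Status = @Status';
    IF @CustomerID IS NOT NULL SET @sql = @sql + N' AND CustomerID = @CustomerID';

    SET @sql = @sql + N' ORDER BY ' + @orderBy
             + CASE WHEN @Descending = 1 THEN N' DESC' ELSE N' ASC' END;

    -- Parameters declared here but unused in a given statement are allowed.
    EXEC sp_executesql @sql,
         N'@Status varchar(20), @CustomerID int',
         @Status = @Status, @CustomerID = @CustomerID;
END;
GO
```

Because @Status is bound as a parameter rather than concatenated, a value containing quotes or SQL keywords is compared as data and cannot change the shape of the statement.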


