LCT2506 Internet 2 Further SQL Stored Procedures.


1 LCT2506 Internet 2 Further SQL Stored Procedures

2 Topics
- Good practice in complex apps
- Complex queries
- Stored Procedures

3 Normalization
- The idea that a row of a table should refer to a single entity
  - Bad to have multiple phone numbers in a single table
- Leads to more efficient searching and smaller databases
- Means you often need information from more than one table
/adamisherwood /normalization

4 Combining table contents
- Example: Shopping Cart
  - Record item id, quantity, user id
- If you want to display product details when showing cart contents, you need more data
- Accomplish this using a JOIN as part of the SELECT

5 Example using WHERE clause

SELECT product.Name, product.Price, basket.quantity
FROM product, basket
WHERE basket.prodId = product.prodId
  AND basket.userId = 'adam'

6 Example using INNER JOIN

SELECT product.Name, product.Price, basket.quantity
FROM basket
INNER JOIN product ON basket.prodId = product.prodId
WHERE basket.userId = 'adam'
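The two queries above assume a normalised pair of tables. The following T-SQL is an added example, not part of the slides: it creates the product and basket tables with the keys that make the join work, loads a few constructed rows, and runs the slide 6 join with table aliases so every column is qualified. The column types, the constraints, the sample rows and the lineTotal column are assumptions made for illustration.

```sql
-- Added example (not from the slides): the normalised schema the two join
-- queries assume. Table and column names follow the slides; the data
-- types, keys and sample rows are assumptions for illustration.
CREATE TABLE product (
    prodId INT          NOT NULL PRIMARY KEY,
    Name   NVARCHAR(80) NOT NULL,
    Price  DECIMAL(9,2) NOT NULL
);

CREATE TABLE basket (
    userId   NVARCHAR(40) NOT NULL,
    prodId   INT          NOT NULL,
    quantity INT          NOT NULL CHECK (quantity > 0),
    PRIMARY KEY (userId, prodId),
    -- each basket row refers to exactly one product: product details are
    -- never copied into the basket table, only the key is stored
    FOREIGN KEY (prodId) REFERENCES product (prodId)
);

-- constructed sample data
INSERT INTO product (prodId, Name, Price) VALUES
    (1, N'Keyboard',  19.99),
    (2, N'Mouse',      9.50),
    (3, N'Monitor',  149.00);

INSERT INTO basket (userId, prodId, quantity) VALUES
    (N'adam', 1, 1),
    (N'adam', 3, 2),
    (N'beth', 2, 4);

-- The slide 6 join, written with aliases so every column is qualified
-- (an unqualified ON prodId = prodId is ambiguous and will not compile).
-- Returns adam's two lines: Keyboard x1 and Monitor x2.
SELECT p.Name, p.Price, b.quantity, p.Price * b.quantity AS lineTotal
FROM basket AS b
INNER JOIN product AS p ON b.prodId = p.prodId
WHERE b.userId = N'adam'
ORDER BY p.Name;
```

The composite primary key on basket (userId, prodId) is what stops the same product being recorded twice for one user; the foreign key is what guarantees the join on slide 6 never silently drops a basket row whose product has been deleted.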

7 Query Builder
- Within Visual Studio, complex SELECT queries can be built using Query Builder
- Can build a static version and then plug in variables as needed
- MS products tend to use the INNER JOIN syntax

8 Performance tips
- Use the ORDER BY clause for sorting:
  SELECT * FROM products ORDER BY cost;
- Can restrict or compute over query results in the database, e.g. TOP n:
  SELECT TOP 6 id FROM users WHERE id > 7
- Other functions include COUNT, MAX, SUM

9 SQL Injection

10 What is SQL Injection?
- A security exploit for the database layer of applications
- Present when unfiltered user input is passed directly to the database
- At best: causes an application error
- At worst: allows a hostile attacker to discover private information and compromise your server

11 Match any
- Rather than filter the table contents, this query will select all rows
- If the user types
  anything' OR 'x'='x
- Essentially a match-any query

12 Not just read-only
- Can alter contents…

13 Prevention
- Use database permissions to restrict access rights (esp. DROP)
- Parse user inputs to remove ' characters
- Avoid building SQL on the fly!
- Use prepared queries or stored procedures instead
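The following T-SQL is an added example, not part of the slides, that puts slides 11 and 13 side by side: the same query built on the fly by string concatenation, and then run as a parameterised query through sp_executesql. The @userInput variable stands in for whatever a web form would send, here the match-any string from slide 11; the temporary #basket table and its two rows are constructed for the demonstration.

```sql
-- Added example (not from the slides). Constructed data so the script
-- runs on its own; #basket mirrors the basket table used on slide 4.
CREATE TABLE #basket (userId NVARCHAR(40), prodId INT, quantity INT);
INSERT INTO #basket VALUES (N'adam', 1, 1), (N'beth', 2, 4);

-- Stand-in for text read from a form field: the slide 11 input.
DECLARE @userInput NVARCHAR(100) = N'anything'' OR ''x''=''x';

-- 1. Building SQL on the fly (slide 13 says: avoid this).
--    The input is pasted into the statement text, so the quote inside it
--    closes the literal and the remainder is parsed as SQL. The statement
--    that actually runs is
--        SELECT userId, prodId, quantity FROM #basket
--        WHERE userId = 'anything' OR 'x'='x'
--    and because 'x'='x' is always true, every row comes back.
DECLARE @sql NVARCHAR(MAX) =
    N'SELECT userId, prodId, quantity FROM #basket WHERE userId = '''
    + @userInput + N'''';
PRINT @sql;      -- shows the rewritten statement
EXEC (@sql);     -- returns both rows: the WHERE clause filters nothing

-- 2. Parameterised query (slide 13: prepared queries).
--    The statement text is fixed; the input is bound to @userId as a
--    value and is never parsed. The comparison is against the whole
--    string "anything' OR 'x'='x", which is nobody's userId, so zero
--    rows are returned.
EXEC sp_executesql
    N'SELECT userId, prodId, quantity FROM #basket WHERE userId = @userId',
    N'@userId NVARCHAR(100)',
    @userId = @userInput;

DROP TABLE #basket;
```

The parameterised form works whatever characters the input contains, which is why slide 13 ranks it above stripping quotes: removing ' characters only addresses string literals, and does nothing for a numeric column such as prodId where no quote is needed to end the value. Database permissions (the first bullet) limit how much damage a statement that does get through can do; they do not stop the statement running.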

14 Stored Procedures

15 What is a stored procedure
- A feature of MS SQL Server
- Allows the database to pre-compile SQL queries
- When data is supplied in place of the variables, execution is very fast

16 Benefits
- Performance: stored code is pre-compiled, real savings if re-used
- Reduced network traffic: only limited info passed between web and db servers
- Efficient code reuse
- Multiple programs can use the same proc
- Enhanced security: defeats SQL Injection

17 Simple Example

18 Multiple Queries
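Slides 17 and 18 carry no transcript text, so the following T-SQL is an added example, not the lecturer's own code, of what they describe: a simple parameterised procedure that wraps the slide 6 join, and a multi-statement procedure that adds an item to a basket in one round trip. It assumes the product and basket tables from slide 4 exist; the procedure names, parameter names and the AppUser role are assumptions.

```sql
-- Added example (not from the slides). Assumes the product and basket
-- tables named on slide 4; procedure and role names are assumptions.

-- Slide 17: a simple procedure. @userId arrives as a typed value, so
-- whatever the web page sends is compared as data, never parsed as SQL.
-- The plan is compiled once and reused on later calls (slide 15).
CREATE PROCEDURE dbo.GetBasket
    @userId NVARCHAR(40)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT p.Name, p.Price, b.quantity
    FROM basket AS b
    INNER JOIN product AS p ON b.prodId = p.prodId
    WHERE b.userId = @userId;
END;
GO

-- Slide 18: several statements in one procedure, one call from the web
-- server. Adds an item, increments the quantity if the line already
-- exists, then returns the number of lines in the basket.
CREATE PROCEDURE dbo.AddToBasket
    @userId   NVARCHAR(40),
    @prodId   INT,
    @quantity INT
AS
BEGIN
    SET NOCOUNT ON;
    IF @quantity <= 0
        THROW 50001, 'quantity must be positive', 1;

    BEGIN TRANSACTION;
        -- UPDLOCK/HOLDLOCK keep two concurrent calls for the same line
        -- from both taking the INSERT branch
        IF EXISTS (SELECT 1 FROM basket WITH (UPDLOCK, HOLDLOCK)
                   WHERE userId = @userId AND prodId = @prodId)
            UPDATE basket
            SET quantity = quantity + @quantity
            WHERE userId = @userId AND prodId = @prodId;
        ELSE
            INSERT INTO basket (userId, prodId, quantity)
            VALUES (@userId, @prodId, @quantity);
    COMMIT TRANSACTION;

    SELECT COUNT(*) AS lineCount FROM basket WHERE userId = @userId;
END;
GO

-- Slide 13, first bullet: the web application's login gets EXECUTE on
-- the procedures only, with no SELECT, INSERT or DROP on the tables.
CREATE ROLE AppUser;
GRANT EXECUTE ON dbo.GetBasket   TO AppUser;
GRANT EXECUTE ON dbo.AddToBasket TO AppUser;
GO

-- Calls as the web server would issue them
EXEC dbo.GetBasket   @userId = N'adam';
EXEC dbo.AddToBasket @userId = N'adam', @prodId = 2, @quantity = 1;
```

The "defeats SQL Injection" benefit on slide 16 holds only because these procedures use their parameters as values in fixed statements. A procedure that concatenates a parameter into a string and runs it with EXEC is exactly the on-the-fly SQL slide 13 warns against, and is just as injectable as the same code in the web application.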

