[AccessD] Upsize?

Arthur Fuller artful at rogers.com
Fri Dec 23 06:51:05 CST 2005


1. Quite right. It is possible to defend against it when writing dynamic SQL,
but wow, what a hassle. Passing params to sprocs works way better with less
effort.
2. So long as we are discussing SQL not MDB, then almost any MDB saved query
could be translated to a table UDF. This would enable you to join as many of
these as you wish.
3. As both a developer and a DBA, I'm not sure whether I should moan or
bitch LOL.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly
Sent: December 20, 2005 5:40 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Upsize?

SQL injection is the problem.

Michael Maddison wrote:

>Hi Jürgen,
>
>When faced with the same problem I went dynamic.  Every other option just
>as you say looks ugly.
>I never found a good alternative, no one has offered one this time either.

>It seems to me that in situations like this the 'developers' go with
>dynamic SQL, the dba's moan ;-)
>
>cheers
>
>Michael M

>
>
>Michael:
>
>With variable joins, do you point something like a list source of search
>'hits' to different queries, one query for each join, or how do you handle
>variable combinations of joins?  Let's say there is 1 table that may be
>joined to 0 to 5 other tables in various combinations, being 32 possible
>querydefs.  I've always constructed the SQL in code and was very satisfied
>with the performance.  Add another table and you're up to 64 querydefs.
>That's ugly.
>
>
>
>Ciao
>Jürgen Welz
>Edmonton, Alberta
>jwelz at hotmail.com
>
>
>
>
>
>  
>
>>From: "Michael Maddison" <michael at ddisolutions.com.au>
>>
>> Hi Jürgen,
>>
>>If you go with variable parameters check out the 'With Recompile' option.
>>It forces a new execution plan each time the procedure is run and 
>>overcomes SQL's 'parameter sniffing' problem.
>>
>>cheers
>>
>>Michael Maddison
>>
>>DDI Solutions Pty Ltd
>>michael at ddisolutions.com.au
>>Bus: 0260400620
>>Mob: 0412620497
>>www.ddisolutions.com.au
>>    
>>
>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada



-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
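
Added example, not part of the original thread or any poster's code: one way to build the variable-join query discussed above in client code without opening it to SQL injection. Join and predicate text comes only from fixed allowlists, and caller-supplied values are bound as parameters. The table, column and filter names are hypothetical, and SQLite stands in for the back end so the sketch runs offline.

```python
import sqlite3

# Fixed join fragments (hypothetical schema); callers can never supply this text.
JOINS = {
    "customer": "JOIN customer c ON c.id = o.customer_id",
    "product":  "JOIN product p ON p.id = o.product_id",
}
# Each filter names the join it needs and a predicate with a bound placeholder.
FILTERS = {
    "customer_name": ("customer", "c.name = ?"),
    "product_name":  ("product", "p.name = ?"),
    "min_qty":       (None, "o.qty >= ?"),
}

def build_query(criteria):
    """Return (sql, params) for a dict of {filter_name: value}."""
    joins, where, params = [], [], []
    for name, value in criteria.items():
        if name not in FILTERS:              # reject anything outside the allowlist
            raise ValueError(f"unknown filter: {name!r}")
        join_key, predicate = FILTERS[name]
        if join_key and JOINS[join_key] not in joins:
            joins.append(JOINS[join_key])    # add each join at most once
        where.append(predicate)
        params.append(value)                 # the value travels separately from the SQL
    sql = "SELECT o.id FROM orders o " + " ".join(joins)
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql + " ORDER BY o.id", params

def search(conn, criteria):
    sql, params = build_query(criteria)
    return [row[0] for row in conn.execute(sql, params)]

def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE product  (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders   (id INTEGER PRIMARY KEY, customer_id INT,
                               product_id INT, qty INT);
        INSERT INTO customer VALUES (1, 'Acme'), (2, 'O''Brien');
        INSERT INTO product  VALUES (1, 'Widget'), (2, 'Gadget');
        INSERT INTO orders   VALUES (1, 1, 1, 5), (2, 2, 1, 20), (3, 2, 2, 1);
    """)
    return conn
```

Every combination of joins is generated from the same two dictionaries, so adding a sixth optional table means one more entry rather than another 32 saved queries.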



