This is a discussion on Removing embedded SQL from database application within the SQL Server forums, part of the Microsoft SQL Server category.
I inherited an existing database application about 6 months ago. I've finished converting it to use SQL Server 2000 as the backend (MS Access 2002 frontend w/ Userforms+VBA code pointing to the backend).

In its current state the application makes use of a ton of embedded SQL statements and I'm thinking about the best way to clean this up. It seems like the best way would probably be to encapsulate each of the SQL statements into its own stored proc and then have the MS Access application call the sp. However, this would result in a very large number of stored procedures.

Anyone have any links or suggestions regarding best practices on removing embedded SQL scattered throughout a DB app? Thanks.

Beowulf (beowulf_is_not_here@hotmail.com) writes:
> I inherited an existing database application about 6 months ago. I've
> finished converting it to use SQL Server 2000 as the backend (MS Access
> 2002 frontend w/ Userforms+VBA code pointing to the backend).
>
> In its current state the application makes use of a ton of embedded SQL
> statements and I'm thinking about the best way to clean this up. It
> seems like the best way would probably be to encapsulate each of the SQL
> statements into its own stored proc and then have the MS Access
> application call the sp. However, this would result in a very large
> number of stored procedures.
>
> Anyone have any links or suggestions regarding best practices on
> removing embedded SQL scattered throughout a DB app? Thanks.

Certainly sounds like a daunting task. An alternative is to review all embedded SQL and make sure that no SQL statements interpolate values, but all queries are parameterised. Furthermore, make sure that tables are prefixed with dbo.

As for why, read these two sections:
http://www.sommarskog.se/dynamic_sql.html#SQL_injection
http://www.sommarskog.se/dynamic_sql.html#queryplans

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at http://www.microsoft.com/sql/prodinf...ons/books.mspx
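The parameterisation suggested in the reply above, sketched for an Access VBA front end that talks to SQL Server through ADO. This is an added example, not code from the thread: the table dbo.Customers, its columns, the function names and the varchar(50) size of City are all hypothetical.

```vba
' Added example. dbo.Customers, CustomerID, LastName and City are
' hypothetical names; adjust the parameter size to the real column.
' Requires a reference to "Microsoft ActiveX Data Objects 2.x Library".
Option Explicit

' Before: the value is interpolated into the statement text. A quote
' character in strCity alters the statement itself, and every distinct
' value sends a different statement text to the server.
Public Function OpenCustomersInterpolated(cn As ADODB.Connection, _
                                          ByVal strCity As String) As ADODB.Recordset
    Dim strSql As String
    strSql = "SELECT CustomerID, LastName FROM Customers " & _
             "WHERE City = '" & strCity & "'"
    Set OpenCustomersInterpolated = cn.Execute(strSql)
End Function

' After: the statement text is constant, the value travels separately as
' a typed parameter, and the table is prefixed with dbo.
Public Function OpenCustomersParameterised(cn As ADODB.Connection, _
                                           ByVal strCity As String) As ADODB.Recordset
    Dim cmd As ADODB.Command
    Set cmd = New ADODB.Command
    With cmd
        Set .ActiveConnection = cn
        .CommandType = adCmdText
        ' "?" is the positional parameter marker for ad hoc command text.
        .CommandText = "SELECT CustomerID, LastName FROM dbo.Customers " & _
                       "WHERE City = ?"
        ' Assumed column type: varchar(50). A longer value raises an error
        ' instead of being spliced into the SQL.
        .Parameters.Append .CreateParameter("@City", adVarChar, adParamInput, 50, strCity)
        Set OpenCustomersParameterised = .Execute
    End With
End Function
```

Parameters are matched to the `?` markers by position, in the order they are appended, so the name given to `CreateParameter` is for readability only.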