Re: IN Clause - Stuck on an easy query :-(

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Joe Celko (jcelko212_at_earthlink.net)
Date: 08/31/04

• Next message: Unkle Vo: "Re: Performance problems with application roles"
• Previous message: moido10025: "Newbie question on replace"
• Next in thread: nib: "Re: IN Clause - Stuck on an easy query :-("
• Reply: nib: "Re: IN Clause - Stuck on an easy query :-("
• Reply: Steve Kass: "Re: IN Clause - Stuck on an easy query :-("
• Reply: MarkS: "Re: IN Clause - Stuck on an easy query :-("
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 31 Aug 2004 15:02:10 -0700

>> From Yukon (abridged) BOL -- SQL Injection 'You must therefore
validate all user input on the client side, and force server-side type
checking by calling parameterized stored procedures.' <<

This has nothing to do with SQL Injection; it is **basic** Software
Engineering: Never trust the front end in a tiered architecture to
validate or verify the data. The database is the repository and trusted
data source, not some unknown program to be written by an unknown
programmer in an unknown language at some unknown time in the future.

Parameterized stored procedures are also a bad idea. They will not port
(which is what MS wants as part of its fight against Open Source). Most
of the validations can be easily done with CHECK(), DEFAULT and
REFERENCES. The CHECK() constraints and REFERENCES also provide extra
predicates for the optimizer.

--CELKO--
 ===========================
 Please post DDL, so that people do not have to guess what the keys,
constraints, Declarative Referential Integrity, datatypes, etc. in your
schema are.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

---

• Next message: Unkle Vo: "Re: Performance problems with application roles"
• Previous message: moido10025: "Newbie question on replace"
• Next in thread: nib: "Re: IN Clause - Stuck on an easy query :-("
• Reply: nib: "Re: IN Clause - Stuck on an easy query :-("
• Reply: Steve Kass: "Re: IN Clause - Stuck on an easy query :-("
• Reply: MarkS: "Re: IN Clause - Stuck on an easy query :-("
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: IN Clause - Stuck on an easy query :-( ... You mentioned "Parameterized stored procedures are also a bad idea". ... > validate or verify the data. ... not some unknown program to be written by an unknown ... The CHECKconstraints and REFERENCES also provide extra ... (microsoft.public.sqlserver.programming) Re: IN Clause - Stuck on an easy query :-( ... >validate or verify the data. ... not some unknown program to be written by an unknown ... The CHECKconstraints and REFERENCES also provide extra ... I'll give you credit for the novel concept: check user input by ... (microsoft.public.sqlserver.programming) section mismatches gone wild ... The function pcibios_scan_specific_busreferences ... If (unknown) is only used by efifb_probe then ... annotate with a matching annotation. ... (Linux-Kernel) 2.6.21-rc1: known regressions (part 1) ... If you find your name in the Cc header, you are either submitter of one ... Status: unknown ... References: http://lkml.org/lkml/2007/2/22/391 ... Status: patch available ... (Linux-Kernel) Re: Fortune 40 analyst seeks explanation for Excel/VBA quirk ... My suspicion is that VBA is confusing your Validate Sub with a .Validate ... something that was in there previously, but I would also check the references ... looks through the Excel worksheets and verifies that the data passes some ... There was the 12:30 version of the Validate routine, ... (microsoft.public.excel.programming)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SQL-Server  > microsoft.public.sqlserver.programming  > 2004-09