Re: Database Engine Tuning Advisor suggestion to replace syntax.

From: "Russell Fields" <RussellFields@xxxxxxxxxx>
Date: Thu, 28 Aug 2008 14:27:09 -0400

Mike,

Yes, they both optimize for reuse, but the first choice is dynamic SQL and
the second choice is executable TSQL.

This has an impact on security. For example, if this code is running in a
stored procedure, the user needs EXECUTE rights to the stored procedure.
However, Query 1 requires the user to have SELECT rights on the Customers
table, but Query2 does not need these extra rights, since the stored
procedure permission has the needed rights to do the SELECT for the user.
(And a best practice is (IMHO) to create stored procedures for all such
accesses.

Also, FWIW, the dynamic SQL is only syntax checked at run time, not when the
procedure is created.

Generally speaking, it is better to avoid dynamic SQL, but there are time
when it is the only choice. See:
http://www.sommarskog.se/dynamic_sql.html

RLF

"Mike" <mssql@xxxxxxxxxxxxx> wrote in message
news:D4F42EBA-FE7B-4DE3-B04E-B723C598E755@xxxxxxxxxxxxxxxx

SQL Server 2005 Database Engine Tuning Advisor informs me that I should
replace query 1 below with the syntax in query 2 below. I'm just not
seeing
the reason since both the "SELECT" statements optimization plans are
stored
for reuse. Am I missing something?

Mike.

Query 1
EXEC sp_executesql N'SELECT FirstName, LastName, Company, StreetAddress,
City, State, ZIP5, ZIP4
FROM Customers
WHERE City = @P1
AND State = @P2',
N'@P1 char(32), @P2 varchar(32)', 'Poedunk', 'Iowa'

Query 2
DECLARE @P1 varchar(32)
DECLARE @P2 varchar(32)
SET @P1 = 'Poedunk'
SET @P2 = 'Iowa'
SELECT FirstName, LastName, Company, StreetAddress, City, State, ZIP5,
ZIP4
FROM Customers
WHERE City = @P1
AND State = @P2

References:
- Database Engine Tuning Advisor suggestion to replace syntax.
  - From: Mike

Prev by Date: Database Engine Tuning Advisor suggestion to replace syntax.
Next by Date: Re: Database Engine Tuning Advisor suggestion to replace syntax.
Previous by thread: Database Engine Tuning Advisor suggestion to replace syntax.
Next by thread: Re: Database Engine Tuning Advisor suggestion to replace syntax.
Index(es):
- Date
- Thread

Relevant Pages

Re: order by problem with stored procedure
... :> I try to short dinamically the result my stored procedure. ... only values can be passed to a query via variables (whether the query is in ... DYNAMIC SQL means (see NATIVE DYNAMIC SQL in the PL/SQL Users Guide -- you ... if the host variable:ob_col contains the value 'ENAME' ...
(comp.databases.oracle.misc)
Re: set a select statement stored in a table in a variable
... You do not require a dynamic sql statement to use a variable after = clause. ... > Inside a stored procedure I want to set ... > into a variable and then execute it using ... > the query I get the statement ...
(microsoft.public.sqlserver.programming)
Re: Query question
... dynamic sql inside of a stored procedure. ... that allow any string as a substitute. ... The query execution plan can be reused. ...
(microsoft.public.sqlserver.server)
Re: Can I bind MDX queries
... You can write the MDX query in a Stored procedure and use Dynamic SQL ... Server) with a linked analysis server. ...
(microsoft.public.sqlserver.olap)
Re: noise words, @@ERROR, and stop and resume indexing
... > Noiseword varcharNot Null ... > the data from the noise file to the noise_words table. ... >> A clause of the query contained only ignored words. ... >> into query analyzer before starting the stored procedure. ...
(microsoft.public.sqlserver.fulltext)