Stored procedures and views... what they are, etc.
Hi
I've searched the net to reach to good understanding about this, but I still think I lack some "ease" in understanding it. The question is, what stored procedures are! I know the answer, more or less. Well seperating the ASP codes and SQL codes is an excellent idea. If the ASP developer needs only to develop the "dynamic design" parts, and the only understanding he needs from his databse would be limitted to "send some parameters to a stored procedure, and get the results", then the coding may be managed better, perhaps. Is it right?
As far as I understood, "views" are just like stored procedures, except that they only "SELECT" things and show them, and never "CHANGE" the database. Is it right?
I konw how to create "stored procedures" and "views" in access. (They are both called "queries" in access.) By now, I have not used databases other than Access, so frequently. So I don't know how to work with other databases. I don't know how to create and save SPs and Views in MS SQL, or Oracle, for example. Any idea?
And as much as I've worked with Access, I have to open the access database, to save SPs and Views. I don't know how to save these things from within ASP. Is there a way? You see, it is silly to download Access DB, save a View, and upload it, while some changes may have occured to the database before download and upload, by other users! You will discard the changes!!
When it comes to MS SQL, you don't have a way to "download" the databse at all!! (Right?) So... there must be a way, isn't it?
And a final question:
Simple "SQL injection" ideas like single quotes will also affect SPs and Views, won't they? (I guess no matter you build SQL command in ASP or use a SP, the values you pass must be checked for injection, am I right?)
Excuse me for asking this much.
Huji
I've searched the net to reach to good understanding about this, but I still think I lack some "ease" in understanding it. The question is, what stored procedures are! I know the answer, more or less. Well seperating the ASP codes and SQL codes is an excellent idea. If the ASP developer needs only to develop the "dynamic design" parts, and the only understanding he needs from his databse would be limitted to "send some parameters to a stored procedure, and get the results", then the coding may be managed better, perhaps. Is it right?
As far as I understood, "views" are just like stored procedures, except that they only "SELECT" things and show them, and never "CHANGE" the database. Is it right?
I konw how to create "stored procedures" and "views" in access. (They are both called "queries" in access.) By now, I have not used databases other than Access, so frequently. So I don't know how to work with other databases. I don't know how to create and save SPs and Views in MS SQL, or Oracle, for example. Any idea?
And as much as I've worked with Access, I have to open the access database, to save SPs and Views. I don't know how to save these things from within ASP. Is there a way? You see, it is silly to download Access DB, save a View, and upload it, while some changes may have occured to the database before download and upload, by other users! You will discard the changes!!
When it comes to MS SQL, you don't have a way to "download" the databse at all!! (Right?) So... there must be a way, isn't it?
And a final question:
Simple "SQL injection" ideas like single quotes will also affect SPs and Views, won't they? (I guess no matter you build SQL command in ASP or use a SP, the values you pass must be checked for injection, am I right?)
Excuse me for asking this much.
Huji
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>And a final question:
Simple "SQL injection" ideas like single quotes will also affect SPs and Views, won't they? (I guess no matter you build SQL command in ASP or use a SP, the values you pass must be checked for injection, am I right?)<<
As long as you call the view correctly, you can guard against SQL injection just in the same way that you do a SQL select.
FtB
Simple "SQL injection" ideas like single quotes will also affect SPs and Views, won't they? (I guess no matter you build SQL command in ASP or use a SP, the values you pass must be checked for injection, am I right?)<<
As long as you call the view correctly, you can guard against SQL injection just in the same way that you do a SQL select.
FtB
Finally, it is with great reluctance that I am posting here at all. The last time I tried to help you gave a B despite everyone in the thread trying to do their best to solve your problem. And now, even though you have unlimited points, you pile multiple questions into one thread rather than separate threads, and then don't even bother to offer the full 500 points.
I can't help but wonder what you're thinking sometimes.
FtB
I can't help but wonder what you're thinking sometimes.
FtB
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey fritz,
Valuable links you provided! Thanks a lot.
About the multiple questions in a thread, we've discussed elsewhere!! Anyways, if I want more assistance with "enterprise manager" or "oracle" I WILL open a new question, not asking here. These were new terms, for me, and if I knew this, I would ask them in seperate questions, of course.
I'm reviewing the links.
I'll be back with some answers! I've increased the points to 500, not because I'm a PS member, but becuase I think your effort really worths that much.
Huji
Valuable links you provided! Thanks a lot.
About the multiple questions in a thread, we've discussed elsewhere!! Anyways, if I want more assistance with "enterprise manager" or "oracle" I WILL open a new question, not asking here. These were new terms, for me, and if I knew this, I would ask them in seperate questions, of course.
I'm reviewing the links.
I'll be back with some answers! I've increased the points to 500, not because I'm a PS member, but becuase I think your effort really worths that much.
Huji
ASKER
Well thanks Fritz. I think I have better understanding of "views" now.
I have got some new questions, that I will ask soon.
Thanks again
Huji
I have got some new questions, that I will ask soon.
Thanks again
Huji
You are very welcome.
If you would like more information on Enterprise manager, I would suggest posting a quesiton in the SQL Server area as people will most likely to be able to help you there. You can find details, however, right here:
http://www.microsoft.com/sql/evaluation/overview/default.asp
FtB
If you would like more information on Enterprise manager, I would suggest posting a quesiton in the SQL Server area as people will most likely to be able to help you there. You can find details, however, right here:
http://www.microsoft.com/sql/evaluation/overview/default.asp
FtB
ASKER
Thanks again.
Huji
Huji
You are very welcome.
FtB
FtB
>>By now, I have not used databases other than Access, so frequently. So I don't know how to work with other databases. I don't know how to create and save SPs and Views in MS SQL, or Oracle, for example. Any idea?<<
Each DBMS has its own set of tools. Access, for example, has the query designer, but SQL Server has what is known as Enterprise Manager, which is essentially a much more sophisticated version of the query designer that allows you to create views, stored procedures, triggers and etc. Oracle has its own set of tools.
>>And as much as I've worked with Access, I have to open the access database, to save SPs and Views. I don't know how to save these things from within ASP. Is there a way? <<
Yes, you can use the CREATE command to create tables and etc:
http://www.w3schools.com/sql/sql_create.asp
>>When it comes to MS SQL, you don't have a way to "download" the databse at all!! (Right?) So... there must be a way, isn't it?<<
If you place your Access database in sibling or parent directory, there is no way to download it easily. As far as downloading a copy of a SQL Server Database, the included DBMS set of tools allows you to create back ups, duplicates and etc. of your database.
FtB