I'd like to add the "msdb.dbo.sp_help_job" system stored procedure to a LINQ to SQL object, but I can't figure out how to specify it. If I create a new Data Connection in Server Explorer and specify the "msdb" database of the server I want, and navigate to "Stored Procedures", that procedure is not listed. Am I looking in the wrong place?
I've added regular (user defined) stored procedures in the past with no problem. I know I could get there by executing it via "ExecuteCommand" on the data context, and I could also create a "wrapper" stored procedure that did nothing but call "sp_help_job", but I'd like to know how to hook it up directly to LINQ, or if it's even possible.
The System Stored Procedures are not actually sitting inside your database, but rather the Read-Only Resource database.
http://msdn.microsoft.com/en-us/library/ms190940.aspx
However, here's how you can make it possible to find them:
Accessing System Databases/Tables using LINQ to SQL?
Related
I am tasked with creating a stored procedure from a script I wrote which will update tables with data.
Since I run this script against a dev database and a live database, we have always manually changed the USE DATABASE in the script before running.
I am looking for a way to use USE DATABASE within a stored procedure.
Is this possible without having to create two stored procedures of the same script for each database (dev versus live)?
Assuming you mean MS SQL Server. You cannot use USE ... within a stored procedure, but you can directly reference a different database with fully qualified object notation.
database.schema.objectname
Example:
dev_mydb.dbo.MyTable
Do note though that if you need that database name to be variable then you will need to use dynamic SQL to set the dbname.
I have been looking through old posts but am seeing some conflicting info on this. I have a SQL Server database and I am talking to it with C# code (.Net 4.5). I used stored procedures to do everything in the database and parameterising the inputs when I make a call.
I would like to lock down the database so that it won't accept SQL code and will only respond to calls to the stored procedures. Is this possible?
Although there is no setting to disallow ad-hoc SQL entirely, you could grant only EXECUTE permissions on only the stored procedures called directly by application code. Permissions on objects referenced by stored procedures are not needed as long as the ownership chain is unbroken, meaning that the stored procedure and referenced schema/objects are owned by the same user (typically dbo). This method will prevent ad-hoc access by non-privileged accounts.
Be aware ownership chaining does not apply when dynamic SQL is used with the procs. If procs have dynamic SQL (with securely built SQL and parameterized), you can sign the module with a certificate to provide the needed permissions from within the proc without granting users direct permissions on objects referenced by the dynamic SQL statement. See giving permissions through stored procedures for details and examples.
Be sure to specify CommandType.StoredProcedure on all SqlCommand objects to ensure parameters must be passed separately. Although it is possible to execute stored procedures using CommandType.Text, more attention to detail is needed to do securely.
Is Sql server provides us any tool to track the executed procedure with their paramter.. I know this can be done by looking at our server side logic before we call the procedure. But I still want to know if tool exsist or not. If yes then How can do this.
You can use SQL Profiler.
If the stored procedure is called directly from your app, you can use the RPC:starting event. Otherwise you may try to trace the sp:starting event.
For more info check here:
http://sqlity.net/en/976/capturing-parameters-of-a-stored-procedure-call/
So both events do not cover all cases. If you are trying to see all
calls to a procedure from an application, go with RPC:starting. If on
the other hand the procedure gets executed as part of a bigger batch
or from within another procedure, use sp:starting but be aware
that variable usage might hide the actual parameter values from you.
You can setup a custom Data Collector if you have Management Data Warehouse setup on your server. You can also use a DMV to track this, sys.dm_exec_procedure_stats. If you use the dmv, setup a table to store the data, and then dump the dmv data at regular intervals to your table.
I would like to do the following in SQL Server (2008 + ):
Define a view, let's call it [MySchema].[MyTableInfo], that queries the SQL Server catalog views, e.g., [sys].[tables], to obtain a customized presentation of the underlying catalog metadata.
Install this view somewhere (in master?) so that it can be called from the context of any database on the server and return the metadata appropriate for that context, just as the catalog views do.
I have seen reference to techniques to do something similar with utility stored procedures, but this is a little different. Is what I'm wanting to do possible? If so, how?
Update:
I found an article that described how to do almost exactly what I want but with stored procedures. The routines are stored in the master database and marked as system objects. When they return metadata from the catalog views/information schema, the do so in the context of the current database.
Using stored procedures to execute these queries would be extremely inconvenient for my use case; is there not a way to mark views and/or table-valued functions as system objects and have them execute in the context of the calling database? I have hacked on this without success...
I have been writing a CLR stored procedure that moves data from one database to another. I went with the CLR stored procedure because I like the .NET framework's ability to connect to remote servers better than I like linked servers, or openrowset, but I now find that my class is mostly embedded SQL strings. I was considering just using the CLR stored procedures to retrieve the data onto the local SQL Server, and then using a regular SQL stored procedure for the actual inserts and updates.
I'm not worried about pre-compilation of the procedure or performance, and I do like that the CLR procedure allows me to see all of the logic in one place, read from top to bottom.
Are there any reasons I should consider moving to a TSQL solution instead of CLR?
Thanks.
There are multiple reasons why you would stick to a regular stored procedure. I'll try to give you an overview of the ones that I know of:
Performance.
Memory issues. SQL Server only operates with its own max memory settings. CLR's go out of this bound. This could comprimise other applications (and the OS) running on this server.
Updatebility. You can update a Stored procedure with a simple script. CLR's are more complicated to update
Security. CLR's often require more security settings than regular t-sql.
As a general rule you only want to use CLR for:
interaction with the OS, such as reading from a file or dropping a message in MSMQ
performing complex calculations, especially when you already have the code written in a .NET language to do the calculation.