SQL Server stored procedure question - sql-server

I have a SQL Server stored procedure which has been in use for years. This stored procedure calls lots of other procedures. I would like to extract each inside procedure one at a time and implement its business logic to a .NET Class project.
In order to do that, I have to call .NET assembly from parent stored procedure and the returned result will be used by parent procedure. Since SQL Server 2005 and higher has CLR integration, so I think, executing .NET assembly inside stored procedure [or any Database objects] should not be a big deal, can you please point me some references where i can find examples or article to implement it?
Thank you very much for your help .

I really feel that this would be an inappropriate use of SQL CLR. The purpose of CLR integration is to support complex data types and operations that are normally very hard to do in pure SQL (such as sequences, regular expressions, hierarchy, geospatial, etc.) Not to implement a domain model in your database.
Domain models and business logic are separate from relational/data models. They should be in a proper business tier of some sort. Don't hack them into a database using the CLR.
(Note: I use SQLCLR a fair bit. I am not railing on CLR integration. I just don't think that this question reflects a wise design decision.)

MSDN
Building my First SQL Server 2005 CLR
An Intro to CLR Integration in SQL Server 2005
For loads more ;)

I think you should use SQL Server Integration Services (SSIS). As far as I understand, it solves this case, to orchestrate the procedure calls and gives you much more too..
I'm not too sure if moving this decision outside the db layer is a good decision.
Hope it helps..

Related

Write a CLR stored procedure

I would like to use existing Delphi code to write SQL Server stored procedures.
In the past I used extended stored procedures, somehow a dll compiled by Delphi wrapped by a SQL Server extended stored procedure.
Extended stored procedures are now deprecated, so somehow I wonder if there is a solution, even in the "trick domain", like some sample CLR code that wraps a normal dll or something like that.
Just to give you an example:
I insert in the db some documents by encrypting them and I would like to create a kind of API based on SQL Server functions / procedures for inserting or reading documents, so other people accessing sql server can call those functions.
Of course an alternative solution is to use webservices but I would like to try the SQL Server way first.
Note: I don't want to use Delphi Prism, my code is for XE2.
Unsafe SQLCLR assemblies can p-invoke native dlls. A better way would be to expose the native DLL services as a COM interface and use COM interop from SQLCLR, or even call the COM APIs directly from SQL via OLE Automation Procedures. An even better way would be to rewrite the Delphi code as CLR code and invoke it directly as SQLCLR procedure. And the best way would be to use SQL Server native encryption features.
Not to mention the fact that CLR in SQL Server is a guaranteed deep performance hit. Keep to the standard CRUD operators and you should be fine. The other way to do it is to use the file system as your encryption mechanism. If you are only trying to prevent casual access to docs this is a fine way to go. Otherwise it might be time to rethink your access protocol.
CLR in SQL Server is a convenient bad idea. Use it sparingly if at all.

How can I use same EF entities for SQL Server Compact and SQL Server?

I have a project to create a program that can operate in two modes:
internal users access a centralized database (SQL Server) and can view/edit each others items, or
external customers create all their own data locally (SQL Server Compact) and package it up in XML over e-mail to request a quote.
The question is, what's the best way to do this to minimize maintenance and maximize EF functionality? I'd also like to use stored procedures in SQL Server for write operations, but this isn't a top priority if too much trouble.
I could hand-create a separate SSDL before deployment, but this is extra work and error-prone. I could go Model First, but I think it would complicate database updates for both providers. I could go the Code First direction using the DbContext Generator T4 templates, but then I lose a lot of EF benefits like change tracking and stored procedure mapping. And with CF, I'd have to greatly enhance the T4 templates or I still have to create a separate SSDL.
Is there an article or any tools to make this easier?
Edit: I decided the best way to accomplish this was to use Code First to create my model and use the new code first migrations. With migrations I can generate a change script for the full server instance and I can just apply the full changes on the local CE database. The other advantage is that I have full control over my connection string and can really point it at any provider.
It's a little extra work to create the POCO classes by hand, to create the configuration classes (I prefer defining by Fluent API), and to add the extras (like unique indexes) to the first migration class, but in the end its the least work overall.
I'll have to figure out how to shunt in the stored procedures usage at a later date, but EF 5 might be available by then and have solved my problem.
I'd also like to use stored procedures in SQL Server for write
operations, but this isn't a top priority if too much trouble.
SQL Compact doesn't support stored procedures so if you mean this seriously you will not be able to reuse your mapping any way.
I could go the Code First direction using the DbContext Generator T4 templates, but then I lose a lot of EF benefits like change tracking and stored procedure mapping.
You will lose just stored procedure mapping . Change tracking will work in the same way. You will also be able to use same mapping code for both database server but you will have to figh with some minor differences between SQL server and SQL Server compact.
I could hand-create a separate SSDL before deployment, but this is extra work and error-prone.
You will have to do that if you want to use EDMX and both big SQL Server and SQL Server Compact with the same code base. Moreover you will have to limit features of your big SQL Server implementation to only features supported by SQL Server Compact.

Prepared Statements and Stored Procs Used Together

I'm in the planning stages of a Microsoft ASP.NET / SQL Server 2008 based web application and In thinking about database design, I began to think about injection attacks and what strategies I should employ to mitigate the database as a vector for injection attacks.
I've heard from various sources that using stored procedures increases safety, I have also read that these are equally as infective if they are still used with dynamic SQL as this presents an injection point
Question
Is it possible to use a Parametrized Query inside a stored procedure? My thinking is that if I pass the arguments to the stored procedure into the prepared statement the database engine will sanitize those arguments for me.
Yes you can pass Parametrized query inside a store procedure.
but it think it will not use execution plan in the procedure
and work slow as per my knowledge.

Thoughts On Extended Stored Procedures

I am looking to insert and update records in a database using functions and logic that are not available in SQL Server or any other RDBMS for that matter. After Googling around a bit this morning, I have come across the concept of Extended Stored Procedures. As far as I can tell, I should be able to compile my desired functionality into a dll, make a stored proc utilizing that dll to do the inserting/updating.
However, most of the articles and examples I have come across are somewhat dated (~2000). Are extended stored procedures still an acceptable practice? I am far from an expert in this area, so any other suggestions or comments would be greatly appreciated.
If you're using SQL Server 2005 or later, SQL CLR is the area to look at. You can call .NET code from within SQL Server.
This article on MSDN is a good place to start.
Are extended stored procedures still
an acceptable practice?
No, they are officialy deprecated and will be dicontinued in a future release. See Deprecated Database Engine Features in SQL Server 2008 , in the Features Not Supported in a Future Version of SQL Server table:
Extended stored procedure programming: Use CLR Integration instead.
I usually recommend against using CLR procedures, in most cases you can refactor the problem you are facing, into something that Transact Sql can handle.
Of most concern is the procedural approach that often accompanies the use of CLR procedures, when a relation database performs best when performing set based operations.
So the first question I always ask, is there anyway to refactor the problem into a set based operation.
If not, then I ask why would you want to execute the code inside of the database server, instead of in an application layer? Think about the performance impact you might have by placing the logic inside the database. (This might not be an issue if your db server has plenty of extra processing time).
If you do go head with CLR procedures, I think they are best applied to intensive calculations and complex logic.

Oracle to SQL Server Migration verification

We are in process of completing the migration of Oracle to SQL Server 2005 (schema, data and programming objects). We have about 1220 stored procedures to be tested. What would be the best way to test them? Is there any automation possible here?
We are thinking of writing a small window tool which would take the stored procedure name and list of parameters, would call the Oracle and SQL Server database and then compare the table table outputs. Although this eases the pain to some extent, it still does not eliminate human intervention and would not test every possible flow for the stored procedures, unless the parameters specified changes the proc flow.
I guess, what i am trying to say is what can we do further to ease the pain!
All and any suggestion/help would be appreciated!!
Thanks,
Atul
The only thing that counts here is the working of the application. So my advice would be to run you application and test you scenarios on both databases containing the same data and see if the results are the same in both cases. When you find errors you will need to zoom into the problems and try to reproduce the problems using simple lower level calls, outside of the application.
I hope this helps,
Ronald

Resources