Why use Store procedure

最新推荐文章于 2024-07-24 08:30:35 发布
最新推荐文章于 2024-07-24 08:30:35 发布
阅读量1.3k 收藏
点赞数
分类专栏: MS-SQL Server 文章标签: 存储 statistics input 优化 internet 网络

  第一:提高性能

        当存储过程被创建,它要经过以下几步,第一步 ,它所包含的T-SQL语句将被分析和解析,并被存储.当第一次被执行时,它将被调出并被优化.SQLServer会根据statistics自动选择相应的优化策略。
此后查询计划将被存储在高速缓存中,以利于将来使用 .由于不用被重新编译,所以可以大大提高效率。
 
第二: 减少网络流量
        你可能使用 T-SQL语句来对表执行插入操作。但是如果我们创建一个存储过程来进行这样操作的话,每次插入的时候只要传输存储过程名。参数和这些参数的数值。当这些操作非常频繁时我们将会发现使用存储过程可以减少额外的网络传输。这在我们使用Internet时进行传输时非常有用。
比较以下两个语句:
INSERT INTO EmployeeTerritories (EmployeeID, TerritoryID) VALUES ( 3 , 12345 )
Ins_EmployeeTerritories @empId = 3 ,@terrId = 12345
        如果一个图片类型数据被上传或者下载应该如何处理哪??对于二进制数据类型,例如图片、声音等等,将会以二进制值的形式被发送。当使用 T-SQL内联的时候,这些二进制数据类型的数据,将会被转换成字符串,这也会使我们发送的实时查询数据大小加倍。
        第一个语句有 74个字符,第二个有46个字符,相比而言网络传输量减少了37.84%,如果我们这个插入语句中包括有更多要插入数据的列,并且每天被执行10,000次,将会学杂费280K左右的带宽。
 
第三: 减少注入式攻击
        3.1易受注入式攻击的代码:
// DANGER! User input used to generate database query
string  sql  =  String.Format ( " select count (*) from users where username='{0}' and cast (password as varbinary)=cast ('{1}' as varbinary) " , username, password); 
SqlCommand command  =   new  SqlCommand (sql, connection); 
 int  count  =  ( int ) command.ExecuteScalar (); 
       
        3.2优化过的代码
下面的代码被注入式攻击的机率要少些
// BETTER: Input passed to parameterized command
SqlCommand command  =   new  SqlCommand 
( " select count (*) from users where username=@username and cast (password as varbinary)=cast (@password as varbinary) " ,  connection); 
command.Parameters.Add ( " @username " , SqlDbType.VarChar).Value  =  username; 
command.Parameters.Add ( " @password " , SqlDbType.VarChar).Value  =  password; 
 int  count  =  ( int ) command.ExecuteScalar (); 
       3.3使用存储过程来减少注入攻击
通过存储过程来执行效果会更好
// BEST: Input passed to stored procedure 
SqlCommand command  =   new  SqlCommand ( " proc_IsUserValid " , connection); 
command.CommandType  =  CommandType.StoredProcedure; 
command.Parameters.Add ( " @username " , SqlDbType.VarChar).Value  =  username; 
command.Parameters.Add ( " @password " , SqlDbType.VarChar).Value  =  password; 
command.Parameters.Add ( " @return " , SqlDbType.Int).Direction  =  ParameterDirection.ReturnValue; 
 int  count  =  ( int ) command.ExecuteScalar (); 

        所以我们应该尽量在我们的应用系统中使用存储过程
 
新鲜鱼排
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
A Conceptual Framework for Designing Data Governance for cloud computing.pdf
03-02
businesses have grown more sophisticated in their use of data which drives new demands that require different ways tocombine, manipulate, store,and present information. Forward thinking companies...
ora分析脚本
01-06
-u user/pass use USER/PASS to log in -i instance# append # to ORACLE_SID -sid <sid> set ORACLE_SID to sid -top # limit some large queries to on # rows - repeat <interval> |forever> Repeat an ...
Why we use stored procedure than Sql statement?
dengqi4009的博客
05-20 68
A stored procedure is, as the name suggests, a query stored within the database that returns the results required to create the output you want. This approach hides the structure of the database...
Efficient Use of PostgreSQL Indexes
weixin_34357928的博客
06-01 89
转载网址:https://devcenter.heroku.com/articles/postgresql-indexes Table of ContentsIndex TypesWhy is my query not using an index?Partial IndexesExpression IndexesUnique IndexesMulti-column Inde...
Archive MySQL Data In Chunks Using Stored Procedure
weixin_30493321的博客
01-07 60
sqladmin onSeptember 26, 2018 In a DBA’s day to day activities, we are doing Archive operation on our transnational database servers to improve your queries and control the Disk space. The...
Auditing Database Use
问天的专栏
07-29 954
Auditing Database Use This chapter describes how to use the Oracle database server's auditing facilities, and contains these topics: Guidelines for AuditingWhat Information is Contained in the A
NT's Asynchronous Procedure Call
weixin_30375427的博客
05-06 800
­ Inside NT's Asynchronous Procedure Call By Albert Almeida, November 01, 2002 Asynchronous Procedure Calls (APCs) are a fundamental building block in NT's asynchronous processing architecture. Le...
DB2 9.5 SQL Procedure Developer , Part 2: DB2 SQL procedures
敬诚为之
09-17 1780
Differences between external stored procedures and SQL stored procedures There are two types of stored procedures that DB2 supports. External stored procedures and SQL procedures. External stored
Use lambda in Ruby
九筒一条---------专栏
05-04 867
http://www.robertsosinski.com/2008/12/21/understanding-ruby-blocks-procs-and-lambdas/  Understanding Ruby Blocks, Procs and LambdasBlocks, Procs and lambdas (referred to as closures in Com
Beyond Simple Clipboard Use
Lu_ming的专栏
01-03 1051
 Weve seen that transferring text from the clipboard requires four calls after the data has been prepared: OpenClipboard (hwnd) ;EmptyClipboard () ;SetClipboardData (iFormat, hGlobal) ;CloseC
timesten tt0925: Cannot create data store semaphores (Invalid argument)
cmr27166的博客
08-05 519
今天在初始化一个TT DS的时候,遇到了报错:925: Cannot create data store semaphores (Invalid argument),看到semaphores 这个,又考虑到这个机器是第一次起D...
Microsoft Library MSDN4DOS.zip
04-30
6.1 Why Protection? 6.2 Overview of 80386 Protection Mechanisms 6.3 Segment-Level Protection 6.4 Page-Level Protection 6.5 Combining Page and Segment Protection Chapter 7 Multitasking 7.1 Task State ...
微软内部资料-SQL性能优化2
11-27
 List at least two memory myths and why they are not true. Recommended Reading  SQL Server 7.0 Performance Tuning Technical Reference, Microsoft Press  Windows 2000 Resource Kit companion CD-...
Sakemail
02-23
).- Added the property FileStream to the class TAtachedFile and the procedure SaveToStream, this was done by Brian Sheperd- The address separator (in the TO: field) is ‘,‘ and ‘;‘ now (before it ...
MarkTool之TCP服务端
最新发布
Qt学视觉
07-24 116
MarkTool之TCP服务端
【ROS2】演示:为有损网络使用服务质量设置
cxyhjl的博客
07-22 708
目录背景先决条件运行演示命令行选项添加网络流量背景请阅读有关 QoS 设置的文档页面,以获取有关 ROS 2 中可用支持的背景信息。在这个演示中,我们将生成一个发布相机图像的节点和另一个订阅图像并在屏幕上显示图像的节点。然后,我们将模拟它们之间的丢包网络连接,并展示不同的服务质量设置如何处理不良链接。先决条件本教程假设您已安装并运行 ROS 2 和 OpenCV。有关安装说明,请...
网络编程套接字socket
安权_code的博客
07-23 540
网络编程中的套接字(socket)是实现网络通信的关键,换句话来说,套接字像两个端点,而发送方与接收方就是通过这两个端点进行通信的,socket的意思是插座,表示插头和插座连接上后,即发送方和接收方连接上了,然后把电流通过插座流向插头对标发送方与接收方建立了链接。
DNS域名管理系统、搭建DNS服务
十四的博客
07-23 756
DNS概述。
why should we use double pointer in queue
03-29
Double pointers are used in queues to maintain the front and rear pointers of the queue. A queue is a data structure that follows the First-In-First-Out (FIFO) principle. It is used to store elements that are waiting to be processed. In a queue, we need to maintain two pointers, front and rear. The front pointer points to the first element in the queue, and the rear pointer points to the last element in the queue. When we add an element to the queue, we add it to the rear end, and when we remove an element from the queue, we remove it from the front end. To maintain these pointers, we use double pointers. A double pointer is a pointer that points to another pointer. In a queue, we use double pointers to store the addresses of the front and rear pointers. This enables us to modify the front and rear pointers when we add or remove elements from the queue. Using double pointers in a queue also helps in reducing the overhead of creating and deleting nodes in the queue. Instead of creating a new node every time we add an element, we can simply modify the rear pointer to point to the new element. Similarly, when we remove an element, we can simply modify the front pointer to point to the next element in the queue. Overall, using double pointers in a queue provides a more efficient and convenient way of managing the front and rear pointers, making the queue operations faster and more streamlined.
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值