SQL Server- select columns on the fly?

From:	Ally	5 Dec 2008 16:18
To:	ALL	1 of 5

35441.1
Hello. So, once a day my work has a load of scheduled tasks run, basically performing a SELECT on the database, converting that data into XML and sending to the relevant external organisations. The problem is that sometimes this takes ages, and has even crashed the server in the past. So I'm trying to optimise it. There's a lot of very straightfoward stuff I can do (the existing stored procedure is an utter nightmare of temporary tables and all sorts) but one easy win (or I hope) will be to shrink the number of columns returned. Now, different external organisations want different columns. At the moment, it returns all of them into the C# program then selectively picks them out. But can I write a stored procedure that returns custom columns? i.e.: SQL code: SELECT @FIELDS FROM TABLE WHERE etc = etc I'm going to assume not, because it seems too easy (I'm going to give it a try once I bloody get SQL2008 installed on Vista)... so, any suggestions? Have you heard of "slobber"? Do you tend to think of it as a positive term? Because the one thing that dogs can be trusted to do, besides thumping gaseous dead rats out their ass and besides biting everybody, is to slobber all over themselves and you. You need to do some serious thinking about whether a dog is really what you need in your life right now.

0/0

Reply Quote

More

From:	Kenny J (WINGNUTKJ)	5 Dec 2008 16:48
To:	Ally	2 of 5

35441.2 In reply to 35441.1

You can't quite do that, but you can assemble the SQL dynamically in the stored procedure, then execute it:

declare @SQL varchar(MAX)
set @SQL = 'SELECT ' + @FIELDS + ' FROM TABLE WHERE etc = etc'
exec(@SQL)

Are you outputting to XML directly from SQL with FOR XML, or is that another stage?

Kenny
The Wisdom of IMDB Messageboards:
One Night At McCool's

There's one thing I don't understand: Why would Randy and Jewel, for some reason, have sex right at the beginning of the movie?

-- Um, like, are you kidding? Randy sees the golden opportunity (like finding plutonium by accident) and takes it.

0/0

Reply Quote

More

From:	Ally	5 Dec 2008 17:29
To:	Kenny J (WINGNUTKJ)	3 of 5

35441.3 In reply to 35441.2

Cheers. SQL Server has in-built security to stop "field1, DROP TABLE *" being injected in there, doesn't it?

It's going into a DataSet in a .NET console application. I thought about doing it directly to XML in SQL Server (I know nothing about it, but I assume it can do at least the basics and probably perform better) but the resulting XML needs to be customised for each export- and writing that kind of customisability into SQL Server would probably cause my head to explode.

Plus one or two places use CSV, because they're mental.

Have you heard of "slobber"? Do you tend to think of it as a positive term? Because the one thing that dogs can be trusted to do, besides thumping gaseous dead rats out their ass and besides biting everybody, is to slobber all over themselves and you. You need to do some serious thinking about whether a dog is really what you need in your life right now.

0/0

Reply Quote

More

From:	Kenny J (WINGNUTKJ)	5 Dec 2008 17:55
To:	Ally	4 of 5

35441.4 In reply to 35441.3

Use SQL Server Integration Services?

(Althought TBH, writing your own C# is probably less painful than some of the faffing you have to do in SSIS.)

As for SQL Injection attacks, there's nothing that'll explicitly prevent that sort of thing, so you still have to clean your parameters before using them, but you can set up the security so that the user who calls the stored procedure don't have the rights to drop tables or whatever.

Kenny
The Wisdom of IMDB Messageboards:
One Night At McCool's

There's one thing I don't understand: Why would Randy and Jewel, for some reason, have sex right at the beginning of the movie?

-- Um, like, are you kidding? Randy sees the golden opportunity (like finding plutonium by accident) and takes it.

0/0

Reply Quote

More

From:	Ally	5 Dec 2008 18:20
To:	Kenny J (WINGNUTKJ)	5 of 5

35441.5 In reply to 35441.4
Ah, fair enough. It's all being called internally, so there's no change of Mr. Joe Public ruining everything. But you're right, the user won't have the sufficient permissions to do any of that anyway. Have you heard of "slobber"? Do you tend to think of it as a positive term? Because the one thing that dogs can be trusted to do, besides thumping gaseous dead rats out their ass and besides biting everybody, is to slobber all over themselves and you. You need to do some serious thinking about whether a dog is really what you need in your life right now.

0/0

Reply Quote

More