|
Give the view a schema prefix eg ABSystems.ViewName and use SQL security to restrict access to the view. This will not stop a quality DBA but will slow down the average user.
A DBA owns the database you are working on and as such will get access to your code somehow. I can think of 2 ways to get around this setup.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
hi,
I have a program which does some operations with database.(Single tier architecture)
I will sometimes have to move the application to other systems having the database.
In order to make the database connection parameters configurable, i am storing the params such as username, password etc. in an xml file.
Is it the correct way to handle the situation?
If so will it be safe to store the database password in an xml file? how can i solve the issue?
If the application is meant for ordinary users(who may not have the database files), how can we approach the problem? Cconfiguration file will not be easy for him to edit no?
Thank you
Fadi
|
|
|
|
|
Fadi Yoosuf wrote: Is it the correct way to handle the situation?
There is no "correct way". It is a good idea to store it in a configuration-file, since it makes it easier to change.
Fadi Yoosuf wrote: If so will it be safe to store the database password in an xml file?
Yes and no. It might be safe on a NTFS-partition, depending on the settings. Passwords are rarely written into a file as plain text, so you could encrypt it if you wanted more security.
Fadi Yoosuf wrote: how can i solve the issue?
Switch to "Windows Authentication Mode", and you won't need to save a password. This would require just a small change in your connection-string. Use "integrated security" instead of the username/password combination.
I are troll
|
|
|
|
|
This is a standard approach and can be handled by using encrypted passwords, encrypting the config file or putting the password into the registry (not recommended these daya).
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Thank you very much for the info.
But I wish to know one more thing.
How huge applications like encyclopedias stores information?
If they store in database, how is it possible to install them, without having the database server in the system?
|
|
|
|
|
Fadi Yoosuf wrote: How huge applications like encyclopedias stores information?
These apps distribute a database with the app and are considered single user applications. A DB like SQL Express, Access or there are a few other small, single user databases out there.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Hi,
I am using SQL Server 2005. I need to implement a full text search capability. I decided to use CONTAINS, and not sure if it is the correct statement to use. If the user types in word1 word2 in the search textbox, how would I send this to the CONTAINS statement? Something like word1 OR word2? What happens if he tries to search via phrase?
Please can someone help?
Regards
Brendan
|
|
|
|
|
You can use the CONTAINS -statement to search for pieces of text. It's not very usefull if you want to search for multiple parts; you'd have to check each text-column in each table for each word that the user types. Short example, we search our db for the text "Hello world".
Now, what should happen if table A holds this exact string, and table B has a text-field that starts with the word "World" and ends with the words "Hello, hello!"?
Worse, what happens when the user searches for the text "This is the world?" Would it find both records, or would it show those records that have the most occurences of the word "the"? These noise-words should be filtered to ensure relevant results.
All in all, FTS[^] isn't just a query you implement (although that can be starting-point for building your own), and most people that are using SQL Server resort to the text-indexing service of MSSQL[^].
You could also consider Lucene[^], there are some articles here[^] on CP on integrating it into your application.
Good luck
I are troll
|
|
|
|
|
Good Morning All
i have the Following Query
ALTER PROCEDURE [dbo].[sp_Staff_Select_NEW]
(
@lETTER CHAR(2)
)
AS
SELECT DISTINCT ID, DESCR, NOTE
FROM TBL_STAFF
WHERE LEFT(ltrim(rtrim(Descr)), 1) = @lETTER
ORDER BY Descr
--SELECT DISTINCT ID, DESCR, NOTE
--FROM TBL_STAFF
--WHERE SUBSTRING(Descr,1,1)= @lETTER
--ORDER BY Descr
As you can see there is a Commented part. Which one is more Faster between
SELECT DISTINCT ID, DESCR, NOTE
FROM TBL_STAFF
WHERE LEFT(ltrim(rtrim(Descr)), 1) = @lETTER
ORDER BY Descr
and
SELECT DISTINCT ID, DESCR, NOTE
FROM TBL_STAFF
WHERE SUBSTRING(Descr,1,1)= @lETTER
ORDER BY Descr
Thank you
Vuyiswa Maseko,
Few companies that installed computers to reduce the employment of clerks have realized their expectations.... They now need more and more expensive clerks even though they call them "Developers" or "Programmers."
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.somee.com
http://www.vuyiswamaseko.tiyaneProperties.co.za
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
|
|
|
|
Hold on while I consult my crystal ball.
If you want to check the performance try putting a million records in a table with roughly equal number of initial letter and profile the two queries.
As an asside, your two queries may give different results as the one using the LEFT function ltrim and rtrim's whereas the SUBSTRING one does not.
|
|
|
|
|
lol
The Thing is that am using in my Filtering menu, and a user wait for 5 seconds before he sees a Menu with the Record based on the Alphabet.
Thanks For your Comment.
Vuyiswa Maseko,
Few companies that installed computers to reduce the employment of clerks have realized their expectations.... They now need more and more expensive clerks even though they call them "Developers" or "Programmers."
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.somee.com
http://www.vuyiswamaseko.tiyaneProperties.co.za
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
|
|
|
|
If you are looking for the fastest way to retrieve data, maybe you should look at populating some type of collection once at the start of the applicaiton so that subsequent lookups do not make database calls.
Generally indexes won't work in this situation because you are using a function on the field, "Descr".
Also, why would you be storing leading spaces in the "Descr" field ? Perform a LTrim(Descr) on the data before storing it.
Consider this before implementing a cache:
1) How many rows are in the tbl_staff table ? Too many rows may cause excessive memory usage by your application, but if we are talking even a few thousand, you should be OK.
2) How often are rows inserted into the tbl_staff table ? How will you synchronize the collection with the new data in the database ? (This can be done if you have built a data abstraction layer ...)
|
|
|
|
|
Good Morning Again
i have changed my statement and it look like this
ALTER PROCEDURE [dbo].[sp_Staff_Select_NEW]
(
@lETTER VARCHAR(1)
)
AS
SELECT ID, DESCR, NOTE
FROM TBL_STAFF
WHERE SUBSTRING(Descr,1,1)= @lETTER
GROUP BY Descr,NOTE,ID
This is what i changed.
1)I used a group by instead of a distinct
2)Above the i used char(2) while i was only accepting one character, its a small thing but one bit counts
3)i have added a index on the Field Descr
And it wo9rks like wonders the way it is fast.
Thank you for your Help and Comment
Vuyiswa Maseko
Vuyiswa Maseko,
Few companies that installed computers to reduce the employment of clerks have realized their expectations.... They now need more and more expensive clerks even though they call them "Developers" or "Programmers."
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.somee.com
http://www.vuyiswamaseko.tiyaneProperties.co.za
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
|
|
|
|
Good to hear things are working for you. You may want to use the option called "Display Estimated Execution Plan" in Studio Manager to see exactly how this store procedure is executing.
1) In the query window, do something like EXEC sp_Staff_Select "M"
2) From the Query menu, select the "Display Estimated Execution Plan"
check the results, you want to make sure that it is not performing any "scans", but rather it uses "seeks". A scan means that it is reading the table or index top to bottom ... lots of I/O.
My reason for suggesting this is that I don't believe your index on "Descr" is being used.
Check it out. If nothing else, it will show you how you can use the execution plan to help you optimize your queries.
|
|
|
|
|
Thank you David i will try it
Vuyiswa Maseko,
Few companies that installed computers to reduce the employment of clerks have realized their expectations.... They now need more and more expensive clerks even though they call them "Developers" or "Programmers."
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.somee.com
http://www.vuyiswamaseko.tiyaneProperties.co.za
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
|
|
|
|
Consider two tables T1 and T2.
T1 has two columns F1 and F2.
T2 has two columns F3 and F4.
We need to set F1 = F3 where F2 = F4.
A query for this made for ORACLE works, but does not work under DB2. What will be the DB2 specific implementation of this query? (and the standard SQL92 implementation?.
|
|
|
|
|
Are you looking for the SQL update statement? Show us the Oracle version you have and we can try to help you convert it. It should work the same in DB2, there just might be some syntax differences.
|
|
|
|
|
Everything you will require to build and maintain a professional level web site with little or no computer programming skills. Includes: Unlimited Pages, Blogs, Event Calendars, Photo Galleries, Downloads, News Application, Contact Form, Guestbook.-RESOURCES DESIGNED FOR A HOME BUSINESS INCLUDES 3 email Accounts (2GB each) / 500 MB Disc Space / 10 GB Web Traffic. http://www.clicknearn.net/2295-63.html
|
|
|
|
|
How do I put this politely?
I don't. Sod off you lowlife scum. If you want to advertise, then pay, don't do it freebie style.
|
|
|
|
|
In a select statement, I have a expression that calculates something and the result is in decimal with decimal points, How can I truncate the zeros in right side of decimal point?
My query is something like this:
Select (C1 * C2)/100) As A1, (C3 * C2)/50) As A2 from T1
Best wishes
|
|
|
|
|
The simple answer is you don't. Databases are for data storage, and computation - display logic is something for the UI.
In terms of a decimal datatype in .NET you can use the overload of the ToString method which takes an output format to limit the number of decimal places... something like:
decimal d = 1.2345000
string s = d.ToString("#.00####");
|
|
|
|
|
The method inside a db is the same. You have to convert it to a string or varchar or whatever the native string type is.
Many of them use the exact same # or 0 to show or not show the decimals.
I have seen this in interfaces where they just expose the query engine and the interface application doesn't do any formatting. Clumsy but sometimes your hands are tied.
to_char(fieldname,'##.00####') is an example in the style of Oracle.
I think the same works in other databases, but you'd have to look at your documentation to get the exact syntax.
_____________________________
Those who study history are doomed to watch others repeat it. -Scott M.
|
|
|
|
|
|
I am getting this error when I am try to connec to MS Access database through OleDb
Selected collating sequence not supported by the operating system.
I am just running a select statement to get the data from the table showing it in a datatable.
Can someone help me out with this problem please? thanks
|
|
|
|
|