Effective decision support systems require ______ in interacting with the user
flexibility
Using parameters within a query...
Allows the user to decide exactly what data to return
Greatly improves the usability of the system
Frequently used in web-based DSS
How can you call parameterized queries externally?
Using userforms and collecting the parameter values as variables from the user
What are some advantages of parameterized queries?
Query can be compiled once at beginning of process
Data types can be enforced without focus on syntax
Security - can help to protect against SQL injection
What is SQL injection?
Inserting or "injecting" SQL code via data that is sent to a DBMS when (non-parameterized) dynamic SQL is used
What is a stored procedure?
A subroutine available to applications accessing a relational database system. A stored procedure (sometimes called a sproc or an SP) is actually stored in the database
Stored procedures can receive ______ ______ and may return results
input parameters
Stored procedures can be called from:
Programs written in standard languages (Java, C#)
Scripting languages (JavaScript, VBScript, PHP)
SQL command prompt (SQL*Plus, Query Analyzer)
Advantages of stored procedures
Performance
Productivity and Ease of Use
Security
Describe the performance of stored procedures
Compiled once - procedure calls are quick and efficient