Ricardo Parente's Blog » SQL

SSAS: Forecast Video Tutorial

rparente — Mon, 13 Dec 2010 17:12:01 +0000

Congratulations Pinal Dave for the 1500th Post

rparente — Thu, 14 Oct 2010 16:57:47 +0000

Pinal Dave, my SQL Guru, completed today 1500 posts on his blog SQLAuthority, with 20 million views in iyts 4th year.

That’s amazing! Good job.

He explains how he came up with the blog’s name on this article.

Keep up the good work Pinal !

ColdFusion – SQL: Dynamic Values in Order By Clause

rparente — Mon, 04 Oct 2010 16:41:31 +0000

This week I had to write a stored procedure for retrieving real estate properties and use the data in a ColdFusion template with pagination. I had the following input arguments: StartRow, EndRow, PriceFrom, PriceTo and SortBy.

Since I use Fusebox, all parameters passed in the URL query string are converted to the scope “attributes”. So, here is the procedure call:

You may have noticed that some parameters if not passed to this template, it will send a NULL value to the store procedure.

Since the SortBy parameter is dynamic and I need to retrieve only a subset of the query, I mean, the amount of records to fit one page, I could not use CTE because SQL Server does not allow the ORDER BY clause in the CTE (temporary table). Also, we needed to have a CASE statement in the ODER BY clause to allow dynamic sorting.

After such a pain in the neck, I did some research and found some examples on Pinal Dave blog “SQL Authority“. One of the comments on his article suggested the use of RANK(), and that was it, the solution for my problem.

Here is the stored procedure:

CREATE PROCEDURE [dbo].[Pagination]
@arg_startRow int
,   @arg_endRow int
,   @arg_priceFrom money = NULL
,   @arg_priceTo money = NULL
,   @arg_sortBy varchar(50) = NULL

AS
BEGIN
SET NOCOUNT ON;
DECLARE @temp table (
propertyUUID uniqueidentifier
,   price money
,   yearBuilt smallint
,   cityName nvarchar(50)
,   rowNum int
)
INSERT INTO @temp
SELECT
p.propertyUUID
,   p.price
,   p.yearBuilt
,   c.cityName
,   rowNum =
CASE
WHEN (@arg_sortBy = 'price ASC') THEN
ROW_NUMBER() OVER(ORDER BY p.price)
WHEN (@arg_sortBy = 'price DESC') THEN
ROW_NUMBER() OVER(ORDER BY p.price DESC)
-- default order
ELSE ROW_NUMBER() OVER(ORDER BY c.cityName)
END
FROM dbo.properties p
LEFT JOIN dbo.cities c ON c.cityCode = p.cityCode
WHERE p.isActive = 1
AND (@arg_priceFrom IS NULL OR p.price >= @arg_priceFrom)
AND (@arg_priceTo IS NULL OR p.price <= @arg_priceTo)
AND (@arg_cityName IS NULL OR c.cityName = @arg_cityName)
ORDER BY
CASE
WHEN @arg_sortBy = 'price ASC' THEN
RANK() OVER(ORDER BY p.price)
WHEN @arg_sortBy = 'price DESC' THEN
RANK() OVER(ORDER BY p.price DESC)
ELSE c.cityName
END

-- Now select only the number of rows passed from the pagination request
SELECT
propertyUUID
,   cityName
,   price
,   yearBuilt
FROM @temp
WHERE rowNum BETWEEN @arg_startRow AND @arg_endRow

With that SP we can now paginate without losing the order by set by the url parameter.

Thanks Pinal Dave!

SQL: Tips for Where Clause With Wildcards

rparente — Sun, 03 Oct 2010 03:24:38 +0000

We, at the company, had to find all cities in my city table which name were composed of more than one word and the last word should have only two characters, like “Berlin SO”, “Santa Fe”…

Phillip Gagnon, our I.T. manager, showed us two simple ways to list them using wildcards:

1
2
3

SELECT cityID, cityName
FROM cities
WHERE right(cityName, 3) like ' __'

and another way:

1
2
3

SELECT cityID, cityName
FROM cities
WHERE right(cityName, 3) like ' %%'

Microsoft SQL Server 2008 Service Pack 2

rparente — Thu, 30 Sep 2010 16:40:30 +0000

Microsoft released the SQL 2008 Service Pack 2.

You may download it here.

Reference: Pinal Dave

Convert String to a Table using CTE

rparente — Mon, 14 Dec 2009 20:45:42 +0000

I have found many solutions to pass a list parameter from ColdFusion to a stored procedure,
and this one is a very simple and efficient way to convert a string to a table. Thanks to Amit Gaur posting to SQL ServerCentral.

I modified his original function which returns only integers (forcing you to pass only a list of integers).

Suppose you pass the string ’2A354,FB452,8896′ in the argument @itemList as a list of item codes you want to retrieve from your inventory table.

In your stored procedure you would have this query:

1
2
3

SELECT item, description, price
FROM inventory
WHERE item IN (SELECT item FROM strToTable(@itemList))

Here is the function strToTable():

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author:        Amit Gaur
-- Create date: July 25th 2008
-- Description:    Convert a string to a table
-- =============================================
CREATE FUNCTION [dbo].[strToTable]
(
@array varchar(max),
@del char(1)
)
RETURNS
@listTable TABLE
(
item int
)
AS
BEGIN

WITH rep (item,list) AS
(
SELECT SUBSTRING(@array,1,CHARINDEX(@del,@array,1) - 1) as item,
SUBSTRING(@array,CHARINDEX(@del,@array,1) + 1, LEN(@array)) + @del list

UNION ALL

SELECT SUBSTRING(list,1,CHARINDEX(@del,list,1) - 1) as item,
SUBSTRING(list,CHARINDEX(@del,list,1) + 1, LEN(list)) list
FROM rep
WHERE LEN(rep.list) > 0
)
INSERT INTO @listTable
SELECT item FROM rep

RETURN
END

GO

Copying Stored Procedures to Another Server

rparente — Sat, 19 Sep 2009 02:03:27 +0000

We are constantly implementing new tasks and developing web sites for about 12 customers. We have a development server at our office and our live servers are at our datacenter. Many times we have to rewrite or modify stored procedures and then after testing, we need to copy them to the live server.

To accomplish this task we could normally script the SPs and copy the scripts to the live server, but that would take us a lot of time. The solution was written by our colleague Phillip Gagnon, who wrote a piece of code to automate that task of copying from dev to live.
I found it interesting and with his permission I’m posting it here.

Here is the code,you may call it pushToLive.cfm:





     SELECT o.name, c.text
     FROM sysobjects o LEFT JOIN dbo.syscomments c ON o.id=c.id
     WHERE xType='P' and category=0


There are #qProcs.recordCount# procedures to overwrite






     
          IF EXISTS(SELECT name FROM sysobjects WHERE name = '#name#' AND type = 'P')
               DROP PROCEDURE #name#
     
     
          



          #text#
          




          
     
     
          #i#. Writing #name#

          
          
               #preserveSingleQuotes(text)#
          
          
               Error Writing #qProcs.name#




               #qProcs.text#




               
          
     
     



Done!

Advanced SQL Injection

rparente — Thu, 30 Jul 2009 03:44:27 +0000

My friend Pedro Claudio posted a link on my Facebook Wall about this presentation made by Bernardo D. A. Guimarães at the Black Hat Briefings Europe, Amsterdam in April 2009. I found it interesting and here is the slide presentation:

Advanced SQL injection to operating system full control (slides)

View more documents from Bernardo Damele a. g..

Convert Time To Decimal (SQL)

rparente — Thu, 18 Jun 2009 14:34:13 +0000

I was following the SQL list and came across a post from Jim Gotwald where he showed his solution to convert a time string into a decimal value (ex: ’10:30′ to 10.5).

So I decided to write a custom function where you can either pass a complete date as a string or just the time and it will return a float value representing the time in decimal.

You may call the function like this:

select dbo.timeToDecimal(cast(getDate()) as varchar(20))
select dbo.timeToDecimal(’2008-06-18 10:35:43′)
select dbo.timeToDecimal(’06/18/2009 10:22:00′)
select dbo.timeToDecimal(’10:42′)

Here is the function:SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO -- ============================================= -- Author: Ricardo Parente -- Create date: 2009-06-18 -- Description: I convert a time string to decimal -- Parameter: datetime string (varchar) or just a time string -- ============================================= CREATE FUNCTION dbo.timeToDecimal ( @timeToConvert varchar(25) ) RETURNS float AS BEGIN DECLARE @Result float DECLARE @t varchar(5) SET @t = cast(datepart(hh,@timeToConvert) as varchar(2)) + ':' + cast(datepart(n,@timeToConvert) as varchar(2)) SET @Result = CAST(DATEDIFF(N, '00:00', @t) AS FLOAT)/60 RETURN @Result END GO

Split List Table-Valued Function Reviewed

rparente — Mon, 04 May 2009 14:02:31 +0000

In my previous post, I discussed the function used to split a string into a table of tokens. Very useful instead creating a cursor.

Now, with SQL 2005/2008, it became easier and faster to do the same job using XML parsing.

I found this function online, written by Jacob Sebastian which is much faster than my old one:

CREATE FUNCTION dbo.SplitString ( @str VARCHAR(MAX), @delimeter CHAR(1) ) RETURNS @ret TABLE (Token VARCHAR(MAX)) AS BEGIN DECLARE @x XML SET @x = '' + REPLACE(@str, @delimeter, '') + '' INSERT INTO @ret SELECT x.i.value('.', 'VARCHAR(MAX)') AS token FROM @x.nodes('//t') x(i) RETURN END
I used it to update a table, passing the list of values coming from a ColdFusion list and it was very fast. Here is a sample code:
USE [myDatabase] GO SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE PROCEDURE [dbo].[updateBooks] @prodIdList varchar(max) , @purchaseDate datetime , @invoiceNo varchar(50) AS BEGIN SET NOCOUNT ON; update p set p.invoiceNo = @invoiceNo , p.lastPurchaseDate = @purchaseDate from tbl_purchases p inner join dbo.splitString(@prodIdList,',') temp on temp.token = p.prodId END
The product ID list is passed in @prodIdList, and the inner join matches with p.prodId existing in the tbl_purchases table