EXISTS
rather than COUNT
when checking for the existence of any correlating rows that match your criteria? Does the former really offer "superior performance and readability". Louis Davidson investigates. Read more
INSERT
code that omits a column list, usually in mysterious ways and often without generating errors. Phil Factor demonstrates the problem, and advocates a 'defense-in-depth' approach to writing SQL, in order to avoid it. Read more
(MAX)
specification, which is a mistake too. Phil Factor explains the dangers and then offers a workaround for the problem, when you're importing text and simply don't know the correct length of each string. Read more
Execute(string)
to execute a batch in a string, often assembled dynamically from user input. This technique is dangerous because the parameter values are injected before the statement is parsed by SQL Server, allowing an attacker to "tag on" extra statements. Use sp_ExecuteSql
instead, and validate the string inputs. Read more
FOREIGN
KEY
or CHECK
constraints in your databases will degrade data consistency and integrity and can cause query performance problems. Phil Factor explains how to detect these and other table-related issues, during development, before they cause trouble further down the line. Read more
IsNumeric()
function, because it can often lead to data type conversion errors, when importing data. On SQL Server 2012 or later, use the Try_Convert()
or Try_Cast()
function instead. On earlier SQL Server versions, the only way to avoid it is by using LIKE
expressions. Read more