Book Image

Learn T-SQL Querying

By : Pedro Lopes, Pam Lahoud
Book Image

Learn T-SQL Querying

By: Pedro Lopes, Pam Lahoud

Overview of this book

Transact-SQL (T-SQL) is Microsoft's proprietary extension to the SQL language used with Microsoft SQL Server and Azure SQL Database. This book will be a usefu to learning the art of writing efficient T-SQL code in modern SQL Server versions as well as the Azure SQL Database. The book will get you started with query processing fundamentals to help you write powerful, performant T-SQL queries. You will then focus on query execution plans and leverage them for troubleshooting. In later chapters, you will explain how to identify various T-SQL patterns and anti-patterns. This will help you analyze execution plans to gain insights into current performance, and determine whether or not a query is scalable. You will also build diagnostic queries using dynamic management views (DMVs) and dynamic management functions (DMFs) to address various challenges in T-SQL execution. Next, you will work with the built-in tools of SQL Server to shorten the time taken to address query performance and scalability issues. In the concluding chapters, this will guide you through implementing various features, such as Extended Events, Query Store, and Query Tuning Assistant, using hands-on examples. By the end of the book, you will have developed the skills to determine query performance bottlenecks, avoid pitfalls, and discover the anti-patterns in use.
Table of Contents (18 chapters)
Free Chapter
1
Section 1: Query Processing Fundamentals
5
Section 2: Dos and Donts of T-SQL
10
Section 3: Assemble Your Query Troubleshooting Toolbox

The importance of parameters

As we discussed in the How query processing impacts plan reuse section on caching methods, the primary reason to parameterize queries is to ensure that query execution plans get reused. But why is this important and what other reasons might there be to use parameters?

Security

One reason to use parameterized queries is for security. Using a properly formatted parameterized query can protect against SQL injection attacks. A SQL injection attack is where a malicious user can execute database code (in this case, T-SQL) on a server by appending it to a data-entry field in the application. As an example, imagine we have an application that contains a form that asks the user to enter their name into...