SQL Server Developer

In the first of this series we looked at TSQL tuning for temp tables, table variables and the Union command , we now turn our attention to User Defined Functions – either Table-Valued Functions or Scalar Functions. A UDF is very convenient for centralising business logic as we can specify a set of business logic [...]

[Note : This was originally published on my personal blog at JudeOKelly.com. However, since the topic is on performance optimization and many SQL Server installations are the backend for a website/webapp I am cross posting this.] When it comes to performance tuning a site, there are a multitude of possible optimizations so I thought it [...]

In this article series we will focus on the primary points of T-SQL performance tuning. In this first installment I will lopok at tuning temp tables, table variables and the Union command. Temp Tables and Table Variables Most database developers are used to breaking down code into small chunks using  temp tables or table variables  [...]

Recently one of my developers came to and complained of slow performance on a particular query. During the investigation I noticed that the primary cause was the poor query execution plan. In this article, I will discuss the approach which I used to improve the execution plan. For demonstration purpose, I will be creating a [...]

In my previous article on Parameter Tampering in ASP.NET MVC I focused on the general techniques of parameter tampering and defenses against it. In this article I will examine a specific type of parameter tampering which is often termed Mass Assignment. In most MVC web development frameworks (including ASP.NET MVC). Model binding works by assigning [...]

Despite being so well understood, SQL Injection remains one of the most common vulnerabilities in web applications. What is SQL Injection Any SQL which is dynamically created has the potential for having malicious SQL injected into it. For example, the below code receives a querystring and adds it to a SQL select string which will [...]

Never trust data submitted from a web page is a core security concept for web development. When using an MVC framework, this statement takes on added relevance. MVC frameworks rely heavily on binding querystrings, route values and form values to in-code objects. Take for example the scenario where an authenticated user needs to update their [...]

Recently on one of our staging servers had a memory consumption issue and even 32 GB of RAM was looking insufficient and application performance was being impaired. Initially I thought the cause would be poorly designed queries, but after a thorough investigation this turned out not to be the case. I noticed that whenever the [...]

A deadlock or fatal embrace is a situation which occurs when the a process is waiting for the resource that is locked by a second process and that second process is waiting for a resource that is locked by the first process. In this article, we will learn about ways to minimise deadlocks. Tips for [...]

In Moving to Agile Database Development I discussed the reasons that led our organisation to the decision to incorporate Agile methods into our software development. That part ended with a lead into our first Sprint. For readers who are already familiar with development in sprint cycles will the following explanations not be completely new, but [...]