Daniel Johnson, Jr.

Forest Fair/Cincinnati Mills/Cincinnati Mall via labelscar.com

This afternoon my family and I went to the Danbarry Dollar Saver Cinema at Cincinnati Mall to see the movie Thor.  We thoroughly enjoyed the movie, but our enthusiasm was a bit tempered as we walked through the mall to get to the cinema.

It felt like a ghost town. (more…)

It’s time to change some things up on this blog. I’m a tinkerer when it comes to looking underneath my blog’s hood, as it were. So I might break something or something may or may not behave the way either of us would expect. (more…)

This is one of the posts where I describe the more technical aspects of a project I’ve been working on. The contents here are meant mainly to trigger my own memory when needed in the future.

The HR department has requested a census report so that the company can shop around for benefits with other vendors. In typical fashion, the information needs to be laid out in such a way that none of the “canned” reports from the business system will suffice.

I know where to get the demographic information (employee ID, client ID, city, state, zip, salary, etc.), but this is the first time I’ve had to track down information such as premium rates, employer contribution, employee contribution, and coverage tier.

I sat with the HR director to find out where she’s able to see this information. Back at my desk, I launched a SQL Server Profiler Trace, filtering to my login ID and session ID. Then I navigated to those same screens to help identify which objects in SQL Server I need to look at.

From there I’ve been able to target the specific tables I need for my SQL scripts.

—–
Check out my other blogs:
Journey Inside My Mind Blog
Journey Inside My Mind Podcast
Get That Job!
QuotesBlog
Twitter.com/danieljohnsonjr

Related tags: daniel+johnson+jr

I’ve spent the last couple of weeks learning how to optimize the search tool we built. The short story is that we’re now using a pass-through query in Access to pass parameters to stored procedures on SQL Server. Processing time has gone from about 2 minutes to less than 2 seconds.

Now that I know how to work with stored procedures, I’m thinking of how else to implement them with other types of applications.

BACKGROUND

The company has clients spread across multiple databases for various reasons; namely specific business rules (e.g., worker’s comp rate, state tax rate, unemployment insurance, etc.) apply across an entire database.

Quite often someone in the company receives paperwork from an agency or client with nothing but the client employee’s name or their SSN. Searching for this employee has been trial and error, going through each database at a time. Also, in many cases the person in our company just needs to see some basic information about the employee. For example, during tax season we just needed to verify a client employee’s address and phone number. Hence the reason for such a tool.

We had initially designed the tool to have individual pass-through SELECT queries, uniting and applying criteria to them in Access. It was the uniting and applying criteria that has been slowing things down.

OPTIMIZING

So, I created two stored procedures with parameters: one that searches for an SSN one one that searches on a name. Each stored procedure unites the individual SELECT queries on a database separate from the other 12 that were being searched.

In VBA code, based on which criteria the user enters, we determine which stored procedure to run. We create a pass-through query to EXECUTE the stored procedure. This pass-through query then contains the search results, which is what we had with the earlier version of the tool.

PREVENTING SQL INJECTION

While reading the literature, I came across the concept of SQL injection and the need to prevent it. Since users are passing text to a SQL statment, we need to prevent the intentional or unintentional insertion of code that would prematurely terminate a text string and append a new command.

I wrote one procedure that scans what users enter in the first and last name fields for “–”, “CREATE”, and other such items. My coworker gave me some code to prevent users from entering other illegal characters. This double-barreled approach will prevent any SQL injection from occurring.

COMMUNICATING WITH THE MASSES

I enjoyed sharing the news of the updated tool with the rest of the company. I knew many had not even heard of it. I constructed the email the way I would a friendly blog post, including pictures.

One user immediately replied: “Awesome! Works very fast. Good job.” I was contacted by two people in Accounting and Payroll who asked that I put the tool on their machines as well.

Much joy all around, I tell you. And IT looks good.

—————-
Now playing: Tim Hawkins – KidsRock
via FoxyTunes

I think every programmer should get a chance to be on a testing project because it will make him or her a better programmer. On one project I supported the complete software development lifecycle process to develop a multi-tiered, Intranet-based, Product Data Management System from a software quality assurance perspective. The company is a global consumer products company, and they were creating a system to manage information about their products.

To do this the testing team, of which I was a part, analyzed business requirements and functional specifications, and designed test cases. Then we built test data and executed the test cases. For the most part, each of us would concentrate on a specific aspect of the system.

Since my time on this and other testing projects, I’ve found myself approaching development from the perspective as a tester, and it’s helped me be a better programmer. I wish the same for every programmer.