
Deterministic vs nondeterministic functions

+---------------------------------------------+---------------------------------------------+
| DETERMINISTIC                               | NONDETERMINISTIC                            |
+---------------------------------------------+---------------------------------------------+
| Returns the same result for the same input  | May return a different result for the same  |
| (e.g. arithmetic on its parameters).        | input (e.g. GETDATE(), NEWID(), RAND()).    |
+---------------------------------------------+---------------------------------------------+
| Re-running the body for an input already    | Takes more execution time than a            |
| seen wastes time: the result is known to    | deterministic function, since it has to be  |
| be the same.                                | re-executed on every call.                  |
+---------------------------------------------+---------------------------------------------+
| Treating a nondeterministic computation as  | Treating a deterministic computation as     |
| deterministic can return wrong results: the | nondeterministic costs unwanted execution   |
| body is not re-run although the output      | time: the body is run again and again for   |
| could have changed.                         | the same output.                            |
+---------------------------------------------+---------------------------------------------+
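What the distinction buys in practice is that the engine may cache, index or persist a deterministic result and must not do so for a nondeterministic one. The following T-SQL is an added example, not part of the original notes: it defines one function of each kind, asks the catalog how SQL Server classified them, and persists the deterministic one in a computed column. The function and table names are illustrative.

```sql
-- Added example (not from the original notes). Names are illustrative.

-- Same inputs, same output. WITH SCHEMABINDING is required before SQL Server
-- will verify and record that a user-defined function is deterministic.
CREATE FUNCTION dbo.Vlera_Rreshtit (@Cmimi DECIMAL(10,2), @Sasia INT)
RETURNS DECIMAL(12,2)
WITH SCHEMABINDING
AS
BEGIN
    RETURN @Cmimi * @Sasia;
END
GO

-- Same inputs, different output on every call, because GETDATE() is read inside.
CREATE FUNCTION dbo.Dite_Nga (@Data DATE)
RETURNS INT
WITH SCHEMABINDING
AS
BEGIN
    RETURN DATEDIFF(DAY, @Data, GETDATE());
END
GO

-- Ask the catalog how each function was classified (1 = deterministic, 0 = not).
SELECT OBJECTPROPERTY(OBJECT_ID(N'dbo.Vlera_Rreshtit'), 'IsDeterministic') AS Vlera_Rreshtit,
       OBJECTPROPERTY(OBJECT_ID(N'dbo.Dite_Nga'),       'IsDeterministic') AS Dite_Nga;

-- Only a deterministic function may back a PERSISTED (and therefore indexable)
-- computed column: the value is computed once on write instead of on every read.
CREATE TABLE dbo.Demo_Rreshta
(
    Id    INT IDENTITY PRIMARY KEY,
    Cmimi DECIMAL(10,2) NOT NULL,
    Sasia INT           NOT NULL,
    Vlera AS dbo.Vlera_Rreshtit(Cmimi, Sasia) PERSISTED
);
-- The same column definition with dbo.Dite_Nga is rejected: a stored value
-- would go stale the moment the clock moved.
```

OBJECTPROPERTY reports 1 for dbo.Vlera_Rreshtit and 0 for dbo.Dite_Nga. Remove WITH SCHEMABINDING from the first function and it is also reported as 0 and refused for the PERSISTED column: SQL Server only trusts a user-defined function's determinism when it is schema-bound, so write that clause on every function you intend to index or persist.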

Functions vs stored procedures


+---------------------------------+----------------------------------------+
| Stored Procedure (SP)           | Function (UDF - User Defined           |
|                                 | Function)                              |
+---------------------------------+----------------------------------------+
| SP can return zero, single or   | Function must return a single value    |
| multiple values.                | (which may be a scalar or a table).    |
+---------------------------------+----------------------------------------+
| We can use transaction in SP.   | We can't use transaction in UDF.       |
+---------------------------------+----------------------------------------+
| SP can have input/output        | Only input parameter.                  |
| parameter.                      |                                        |
+---------------------------------+----------------------------------------+
| We can call function from SP.   | We can't call SP from function.        |
+---------------------------------+----------------------------------------+
| We can't use SP in SELECT/      | We can use UDF in SELECT/ WHERE/       |
| WHERE/HAVING statement.         | HAVING statement.                      |
+---------------------------------+----------------------------------------+
| We can use exception handling   | We can't use Try-Catch block in UDF.   |
| using Try-Catch block in SP.    |                                        |
+---------------------------------+----------------------------------------+

1. A function must return a value, while in a stored procedure this is optional (a procedure can return zero or n values).
2. Functions can have only input parameters, whereas procedures can have input/output parameters.
3. Functions can be called from a procedure, whereas procedures cannot be called from a function.
4. A procedure allows SELECT as well as DML (INSERT/UPDATE/DELETE) statements, whereas a function may not change database state: in T-SQL it can only read permanent tables (it may modify its own table variables).
5. Procedures cannot be used in a SELECT statement, whereas a function can be embedded in a SELECT statement.
6. Stored procedures cannot be used anywhere in the WHERE/HAVING/SELECT part of a SQL statement, whereas a function can be.
7. Functions that return tables can be treated as another rowset, so they can be used in JOINs with other tables.
8. Exceptions can be handled with a TRY...CATCH block in a procedure, whereas TRY...CATCH cannot be used in a function.
9. Transaction management is possible in a procedure, but not in a function.
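Item 7 is the one that changes how queries are written, so here is a worked instance. This added example is not from the original notes; it uses the restaurant schema of the procedures later on this page (join keys taken from dbo.Fatura) and assumes that Artikujt carries the columns Emri and Cmimi.

```sql
-- Added example (not from the original notes). Join keys follow dbo.Fatura;
-- the columns Artikujt.Emri and Artikujt.Cmimi are assumed.

-- An inline table-valued function: one row per item ordered at a table.
CREATE FUNCTION dbo.Artikujt_e_Tavolines (@tavolina INT)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
(
    SELECT a.Art_Id,
           a.Emri,
           pa.Sasia,
           a.Cmimi,
           a.Cmimi * pa.Sasia AS Vlera
      FROM dbo.Tavolina       AS t
      JOIN dbo.Klienti        AS k  ON k.Klient_Id = t.Klient_Id
      JOIN dbo.Porosia        AS p  ON p.Po_Id     = k.Po_ID
      JOIN dbo.Porosi_Artikuj AS pa ON pa.Po_Id    = p.Po_Id
      JOIN dbo.Artikujt       AS a  ON a.Art_Id    = pa.Art_Id
     WHERE t.Tavolin_Id = @tavolina
);
GO

-- Because the function returns a rowset it composes with other tables
-- (item 7): CROSS APPLY evaluates it once per row of Tavolina, giving the
-- order lines of every table in a single statement.
SELECT t.Tavolin_Id, x.Emri, x.Sasia, x.Vlera
  FROM dbo.Tavolina AS t
 CROSS APPLY dbo.Artikujt_e_Tavolines(t.Tavolin_Id) AS x
 ORDER BY t.Tavolin_Id;

-- The same rowset is still usable in WHERE/HAVING (item 6): tables whose
-- bill exceeds a threshold.
SELECT t.Tavolin_Id, SUM(x.Vlera) AS Fatura
  FROM dbo.Tavolina AS t
 CROSS APPLY dbo.Artikujt_e_Tavolines(t.Tavolin_Id) AS x
 GROUP BY t.Tavolin_Id
HAVING SUM(x.Vlera) > 50;
```

The procedure form of the same logic would be run with EXEC and a table number; it can only be executed on its own and cannot appear in a FROM clause or be joined (items 5 and 6). Conversely, if an INSERT INTO Porosi_Artikuj is added to the function body, SQL Server refuses the definition with "Invalid use of a side-effecting operator 'INSERT' within a function", which is item 4 enforced by the engine.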

Protection against SQL injection:

1) Be careful when writing user-defined functions and when using built-in functions, since both can be abused in function-call injection attacks (an attacker smuggling a function call into the query). Built-in functions offer greater protection than home-grown ones.
2) Use bind variables. Instead of placing the variable we want to insert into the database, or to match in a WHERE clause, directly inside the query text, we replace it with a named placeholder and supply its value afterwards through a bind variable. The database then treats the value as data only, never as part of the SQL statement.
E.g. (PHP with PDO):
Psh
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
$stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City)
VALUES (:nam, :add, :cit)");
$stmt->bindParam(':nam', $txtNam);
$stmt->bindParam(':add', $txtAdd);
$stmt->bindParam(':cit', $txtCit);
$stmt->execute();

3) Use different ways of filtering the input (input validation)

Input validation can be done in various ways by the programmer, for example with built-in functions such as:
- trim() removes leading and trailing whitespace from the user's input; it normalizes the value but is not a security control on its own.
- mysql_real_escape_string() escapes the special characters of a string so that they lose their special meaning/role in the query. Escaping only protects a value placed inside a quoted string literal and depends on the connection character set, and the mysql_* functions were removed in PHP 7 (mysqli_real_escape_string() remains); the prepared statements of point 2 are the stronger control.
- other functions such as filter_var() with a FILTER_VALIDATE_* filter, or is_numeric(), to check the type and format of the input.
- further checks can be added, for example empty() or a regular expression over the input.
- checks of type, format, range, size and length.
- for XML data, validate against the schema.

4) Be careful with the error messages shown to the user, avoiding messages that give very detailed information (table and column names, the SQL text, stack traces) that the attacker can use in his attacks; log the detail on the server and show a generic message.
5) Prefer POST over GET: GET sends the data to the server in the URL, where it ends up in browser history, proxy and server logs and can be tampered with very easily. POST by itself is no defence against injection, since the attacker controls the request body just as easily; it only keeps the data out of URLs and logs.
6) Use views: let the application read through a view that exposes only the needed columns and rows, and grant rights on the view rather than on the underlying tables.
7) Check access rights and assign low rights/privileges to the accounts that access the database (least privilege: EXECUTE on the needed procedures, no direct table rights, never a sysadmin or root login for the application).
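Points 2, 3, 4 and 7 applied together in T-SQL, as an added example that is not part of the original notes. It is built around the notes' Restoranti table (columns Rest_Id, Emri); the log table dbo.ErrorLog and the role app_reader are assumptions made here.

```sql
-- Added example (not from the original notes). Restoranti(Rest_Id, Emri) is
-- the notes' table; dbo.ErrorLog and app_reader are assumed.

-- UNSAFE: the parameter is spliced into the query text. The value
--   ' OR 1=1 --
-- closes the literal, turns the WHERE clause into a tautology and comments
-- out the rest of the statement.
CREATE PROCEDURE dbo.Te_Dhenat_Unsafe (@Emri_Restorantit NVARCHAR(30))
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Rest_Id, Emri FROM Restoranti WHERE Emri = '''
        + @Emri_Restorantit + N'''';
    EXEC (@sql);
END
GO

CREATE TABLE dbo.ErrorLog
(
    Id        INT IDENTITY PRIMARY KEY,
    Koha      DATETIME2      NOT NULL DEFAULT SYSUTCDATETIME(),
    Procedura SYSNAME        NOT NULL,
    Mesazhi   NVARCHAR(4000) NOT NULL
);
GO

-- SAFE: the query text is constant and the value travels as a bind variable of
-- sp_executesql, so whatever the string contains it is compared, never parsed.
-- EXECUTE AS OWNER is needed because dynamic SQL does not get ownership
-- chaining: without it the caller would need SELECT on Restoranti itself.
CREATE PROCEDURE dbo.Te_Dhenat_Safe (@Emri_Restorantit NVARCHAR(30))
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;

    -- point 3: the parameter type already enforces "string of at most 30
    -- characters"; add the format rules the application knows about.
    IF @Emri_Restorantit IS NULL OR LEN(@Emri_Restorantit) = 0
    BEGIN
        RAISERROR(N'Restaurant name is required.', 16, 1);
        RETURN;
    END;

    BEGIN TRY
        DECLARE @sql NVARCHAR(MAX) =
            N'SELECT Rest_Id, Emri FROM Restoranti WHERE Emri = @emri';
        EXEC sp_executesql @sql,
                           N'@emri NVARCHAR(30)',
                           @emri = @Emri_Restorantit;
    END TRY
    BEGIN CATCH
        -- point 4: ERROR_MESSAGE() (object names, SQL fragments) stays on the
        -- server; the caller only learns that the request failed.
        INSERT INTO dbo.ErrorLog (Procedura, Mesazhi)
        VALUES (N'Te_Dhenat_Safe', ERROR_MESSAGE());
        RAISERROR(N'The request could not be processed.', 16, 1);
    END CATCH;
END
GO

-- point 7: the application's database user is put in app_reader, which may
-- execute the safe procedure and nothing else. It holds no rights on
-- Restoranti, so a bug elsewhere in the application cannot reach the table.
CREATE ROLE app_reader;
GRANT EXECUTE ON OBJECT::dbo.Te_Dhenat_Safe TO app_reader;
GO

-- The same hostile input against both procedures.
EXEC dbo.Te_Dhenat_Unsafe @Emri_Restorantit = N''' OR 1=1 --';
EXEC dbo.Te_Dhenat_Safe   @Emri_Restorantit = N''' OR 1=1 --';
```

Run with that value, the unsafe procedure returns every row of Restoranti, while the safe one returns no rows, because no restaurant is literally named ' OR 1=1 --. The first procedure on this page ([dbo].[Te Dhenat]) is already in the safe form: a typed parameter compared directly in a static query is a bind variable, and dynamic SQL should only be introduced when the shape of the query itself has to vary.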

INSTEAD OF UPDATE trigger

-- Fires in place of the UPDATE on Customers: rejects changes to the key and
-- logs every attempt. Note that it copies INSERTED into scalar variables, so
-- it handles a single-row UPDATE; a multi-row UPDATE would be reduced to one
-- arbitrary row.
CREATE TRIGGER [dbo].[Customer_InsteadOfUPDATE]
ON [dbo].[Customers]
INSTEAD OF UPDATE
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @CustomerId INT, @Name VARCHAR(50), @Country VARCHAR(50)

    -- INSERTED holds the new values the UPDATE would have written
    SELECT @CustomerId = INSERTED.CustomerId,
           @Name       = INSERTED.Name,
           @Country    = INSERTED.Country
      FROM INSERTED

    IF UPDATE(CustomerId)
    BEGIN
        -- the key is immutable: report the error, undo the statement...
        RAISERROR('CustomerId cannot be updated.', 16, 1)
        ROLLBACK
        -- ...and record the attempt; this INSERT runs after the ROLLBACK, so it
        -- is committed on its own and survives the aborted statement
        INSERT INTO CustomerLogs
        VALUES(@CustomerId, 'CustomerId cannot be updated.')
    END
    ELSE
    BEGIN
        -- perform the update the statement asked for, then log it
        UPDATE Customers
           SET Name = @Name,
               Country = @Country
         WHERE CustomerId = @CustomerId

        INSERT INTO CustomerLogs
        VALUES(@CustomerId, 'InsteadOf Update')
    END
END
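The single-variable pattern above quietly loses rows when an UPDATE touches more than one customer. The set-based rewrite below is an added example, not part of the original notes: it uses CREATE OR ALTER (SQL Server 2016 SP1 and later) to replace the trigger above, since a table may have only one INSTEAD OF UPDATE trigger, and assumes CustomerLogs has the two-column shape used in the notes.

```sql
-- Added example (not from the original notes): the same trigger written
-- set-based. INSERTED and DELETED hold one row per updated row, so an UPDATE
-- that touches several customers is handled completely.
CREATE OR ALTER TRIGGER dbo.Customer_InsteadOfUPDATE
ON dbo.Customers
INSTEAD OF UPDATE
AS
BEGIN
    SET NOCOUNT ON;

    IF UPDATE(CustomerId)
    BEGIN
        RAISERROR('CustomerId cannot be updated.', 16, 1);
        ROLLBACK;
        -- after ROLLBACK the trigger keeps running in autocommit mode, so one
        -- audit row per rejected customer survives the aborted statement
        INSERT INTO CustomerLogs
        SELECT d.CustomerId, 'CustomerId cannot be updated.'
          FROM DELETED AS d;
        RETURN;
    END;

    -- apply every row of the original UPDATE by joining on the unchanged key
    UPDATE c
       SET c.Name    = i.Name,
           c.Country = i.Country
      FROM dbo.Customers AS c
      JOIN INSERTED      AS i ON i.CustomerId = c.CustomerId;

    INSERT INTO CustomerLogs
    SELECT i.CustomerId, 'InsteadOf Update'
      FROM INSERTED AS i;
END
GO
```

With this version an UPDATE such as `UPDATE Customers SET Country = 'AL' WHERE Country = 'Albania'` updates and logs every matching customer, whereas the variable-based trigger would have written only one of them.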

Some procedures
- First procedure: displays the data of the restaurant we choose by name: the restaurant Id, ranking, cuisine, address, phone and website.

USE [RESTORANTET E TIRANES]
GO
CREATE PROCEDURE [dbo].[Te Dhenat]
(
    @Emri_Restorantit NVARCHAR(30)
)
AS
BEGIN
    SET NOCOUNT ON;
    -- the name arrives as a typed parameter and is never concatenated into the query text
    SELECT * FROM Restoranti WHERE Restoranti.Emri = @Emri_Restorantit
END
GO

- Third procedure: inserts a new order line (Po_Id, Art_Id, Sasia), i.e. a stored procedure for inserting data.

USE [RESTORANTET E TIRANES]
GO
CREATE PROCEDURE [dbo].[Porosi_e_re]
    @tavolin  INT,
    @artikull NVARCHAR(255),
    @sasia    INT
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @artikullId INT,
            @porosi     INT

    -- resolve the item name to its Id
    SELECT @artikullId = Artikujt.Art_Id
      FROM Artikujt
     WHERE Artikujt.Emri = @artikull

    -- find the order of the client seated at the given table
    SELECT @porosi = Porosia.Po_Id
      FROM Klienti
      JOIN Tavolina ON Tavolina.Klient_Id = Klienti.Klient_Id
      JOIN Porosia  ON Porosia.Po_Id      = Klienti.Po_ID
     WHERE Tavolina.Tavolin_Id = @tavolin

    -- an unknown item or table must not produce a row with NULL keys
    IF @artikullId IS NULL OR @porosi IS NULL
    BEGIN
        RAISERROR('Unknown item or no order for this table.', 16, 1)
        RETURN
    END

    INSERT INTO Porosi_Artikuj (Po_Id, Art_Id, Sasia)
    VALUES (@porosi, @artikullId, @sasia)
END
GO

- Fourth procedure: registers a new reservation once we fill in its details. This is done by updating the Tavolina table, i.e. a stored procedure for updates.

USE [RESTORANTET E TIRANES]
GO
CREATE PROCEDURE [dbo].[Rezervim_i_Ri]
    @tavolin   INT,
    @restorant NVARCHAR(25),
    @data      NVARCHAR(25),   -- date and time are kept as text, as in the notes;
    @ora       NVARCHAR(25),   -- DATE/TIME columns would let the engine validate them
    @klientId  INT
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @ResId INT

    -- resolve the restaurant name to its Id
    SELECT @ResId = Restoranti.Rest_Id
      FROM Restoranti
     WHERE Restoranti.Emri = @restorant

    -- book the table of that restaurant for the client
    UPDATE Tavolina
       SET Data_Rez  = @data,
           Ora_Rez   = @ora,
           Klient_Id = @klientId
     WHERE Tavolina.Res_Id = @ResId
       AND Tavolina.Tavolin_Id = @tavolin
END
GO

MySQL: a procedure with an OUT parameter (number of books in a category)

DELIMITER $$
-- Runs with the DEFINER's privileges (SQL SECURITY DEFINER is the default), so
-- a root definer lends every caller root's reach inside the body; use a
-- low-privilege definer or SQL SECURITY INVOKER for application code.
CREATE DEFINER=`root`@`localhost` PROCEDURE `NrLibraveSipasKat` (
    IN  `KategoriaLibrit` VARCHAR(30),
    OUT `Totali`          INT
)
BEGIN
    SELECT COUNT(Kategoria)
      INTO Totali
      FROM librat
     WHERE Kategoria = KategoriaLibrit;
END$$
DELIMITER ;

Functions
First function: computes the bill of an order at a table of a restaurant. It takes the table number as input and returns the bill.

USE [RESTORANTET E TIRANES]
GO

CREATE FUNCTION [dbo].[Fatura]
(
    @tavolina INT
)
RETURNS INT
AS
BEGIN
    DECLARE @fatura INT

    -- walk from the table to its client, the client's order, the order lines
    -- and the items, and sum price * quantity
    SELECT @fatura = SUM(Cmimi * Sasia)
      FROM Tavolina
      JOIN Klienti        ON Tavolina.Klient_Id     = Klienti.Klient_Id
      JOIN Porosia        ON Klienti.Po_ID          = Porosia.Po_Id
      JOIN Porosi_Artikuj ON Porosia.Po_Id          = Porosi_Artikuj.Po_Id
      JOIN Artikujt       ON Porosi_Artikuj.Art_Id  = Artikujt.Art_Id
     WHERE Tavolina.Tavolin_Id = @tavolina

    -- return the result of the function (NULL if the table has no order)
    RETURN @fatura
END

Calling the function:
USE [RESTORANTET E TIRANES]
GO
-- the function is evaluated per row, so it is passed the row's own table number
SELECT Tavolina.Tavolin_Id, dbo.Fatura(Tavolina.Tavolin_Id) AS fatura
  FROM Tavolina
 WHERE Tavolina.Tavolin_Id = 1
