DataSnap

Stored procedures for less advanced.

The purpose of this program is to retrieve values from the database and snap their value into a new table. The flexibility of the program – as it accepts any SQL query - allows the company to fully control it and receive relevant information. The program executes the query at certain time of the day (selected by user) and saves the data into specified by the user table. What the program does could be implemented as a stored procedure, however, this allows to gather the information for less advanced SQL users.

Benefits are dependent on who the query will run for. Due to the fact that the program can accept any query it can really benefit anyone. For example, snaping the total value of the stock could benefit purchasers, warehouse managers or even the Chief Executive Officer. Furthermore, the tables the program will create can be easily integrated into company’s web applications which will allow the users to see live information of the data snap shots. The snap shots' time is specified for each data profile.

During a snap shot, the program connects to the SQL server and retrieves data from the specified table and writes it to the table that it created.

All security measures have been taken to prevent any SQL injection or unauthorised access. The program can only be ran by an administrator. The program can only start snaping data if the user logged into SQL Server using server’s credentials and these credentials are not stored anywhere accessible. Furthermore, each time the program is about to snap the data it will check whether the SQL syntax is correct and if no forbidden SQL keywords / statements are present (non-select statements). These checks are done at each point of creating a data profile for everything that may relate to the database.

Technologies used:
Visual Studio, C#, WinForms, SQL, XML