Every developer that has worked with SQL for any length of time has most likely been there...  You are running an ad-hoc DML (data manipulation language) SQL statement against a database.  Depending on the security processes in place at your company/client, you may be executing this statement against a development database, staging database, or (gasp) a production database.  You've written an update statement and are thoroughly convinced it will update only the select few rows that you would like changed.  However, you execute the statement and see the message "30072 row(s) affected".  Depending on the environment you executed this in, you are either mildly frustrated (development environment) or your heart is in your throat (production environment).

So, how do you avoid this?  Test against data you don't care about?  Run a select statement that mimics the update or delete statement before you actually execute it?  These are both a step in the right direction, but another way to verify that your SQL will do what you intend is to utilize transactions.

Instead of:

(Which will cause the price of your nerf footballs to be 10.99, however the Football stadium that you happen to have for sale will also be quite the bargain.)

Why not use:


Utilizing a transaction and then rolling it back allows you to see the number of rows affected and, if you choose, the "before" and "after" state of the database without actually committing the changes.

The concept is simple, but re-using it as a best practice will save you time, headaches, and perhaps even disaster.

I recently encountered a case where I needed a sql result set to account for the value of an "Include inactive" checkbox in the UI.  The business requirements were: 1) If the user doesn't check the box, display only active records, 2) If the user checks the box, display both active and inactive records.  The active field was a bit in the database table, so all records were either active or inactive.  My first thought was that for case 2, no WHERE criteria would be necessary for the sql statement, whereas case 1 would require "Active = 1" criteria.  This seemed to point to the need to dynamically construct a sql statement based on the inclusion/exclusion of that where clause.

I was working with an existing parameterized sql statement, so really didn't want to switch over to a stored procedure and start dynamically building the sql within the sproc (not to mention building the sql dynamically isn't the cleanest approach to begin with).  After a little thought, I realized that I could solve the problem within the same parameterized sql statement simply using IN criteria. 

Here's a stripped down version of the sql. The @IncludeInactive parameter comes from the checkbox value

Case 1: Checkbox not checked, don't include inactive users

Case 2: Checkbox checked, include inactive users

Nothing ground-breaking here, but much less code to maintain and a lot cleaner than dynamic sql.