Search Results

Search found 37012 results on 1481 pages for 'sql query'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 371/1481 | < Previous Page | 367 368 369 370 371 372 373 374 375 376 377 378  | Next Page >

  • SQL Injection Attacks are still occurring

    - by TATWORTH
    It should be of concern to all developers that SQL Injection attacks are still occurring. Here are some resources on the subject: http://www.darkreading.com/DatabaseSecurity/util/4576/download.html (needs free registration) http://en.wikipedia.org/wiki/SQL_injection http://www.unixwiz.net/techtips/sql-injection.html http://msdn.microsoft.com/en-us/library/ms161953.aspx http://www.sitepoint.com/sql-injection-attacks-safe/ And for a funny view on it see http://xkcd.com/327/ So what are you doing to harden your applications?

    Read the article

  • SQLAuthority News Bookmark Deprecated Database Engine Features in SQL Server 2008

    When anybody asked me if any specific feature is available in SQL Server 2008 or if any feature will be disabled in future versions of SQL Server, I always point everybody to following list where all the deprecated database engine features are listed. Deprecated Database Engine Features in SQL Server 2008 R2 Deprecated Database Engine [...]...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Null Values And The T-SQL IN Operator

    - by Jesse
    I came across some unexpected behavior while troubleshooting a failing test the other day that took me long enough to figure out that I thought it was worth sharing here. I finally traced the failing test back to a SELECT statement in a stored procedure that was using the IN t-sql operator to exclude a certain set of values. Here’s a very simple example table to illustrate the issue: Customers CustomerId INT, NOT NULL, Primary Key CustomerName nvarchar(100) NOT NULL SalesRegionId INT NULL   The ‘SalesRegionId’ column contains a number representing the sales region that the customer belongs to. This column is nullable because new customers get created all the time but assigning them to sales regions is a process that is handled by a regional manager on a periodic basis. For the purposes of this example, the Customers table currently has the following rows: CustomerId CustomerName SalesRegionId 1 Customer A 1 2 Customer B NULL 3 Customer C 4 4 Customer D 2 5 Customer E 3   How could we write a query against this table for all customers that are NOT in sales regions 2 or 4? You might try something like this: 1: SELECT 2: CustomerId, 3: CustomerName, 4: SalesRegionId 5: FROM Customers 6: WHERE SalesRegionId NOT IN (2,4)   Will this work? In short, no; at least not in the way that you might expect. Here’s what this query will return given the example data we’re working with: CustomerId CustomerName SalesRegionId 1 Customer A 1 5 Customer E 5   I was expecting that this query would also return ‘Customer B’, since that customer has a NULL SalesRegionId. In my mind, having a customer with no sales region should be included in a set of customers that are not in sales regions 2 or 4.When I first started troubleshooting my issue I made note of the fact that this query should probably be re-written without the NOT IN clause, but I didn’t suspect that the NOT IN clause was actually the source of the issue. This particular query was only one minor piece in a much larger process that was being exercised via an automated integration test and I simply made a poor assumption that the NOT IN would work the way that I thought it should. So why doesn’t this work the way that I thought it should? From the MSDN documentation on the t-sql IN operator: If the value of test_expression is equal to any value returned by subquery or is equal to any expression from the comma-separated list, the result value is TRUE; otherwise, the result value is FALSE. Using NOT IN negates the subquery value or expression. The key phrase out of that quote is, “… is equal to any expression from the comma-separated list…”. The NULL SalesRegionId isn’t included in the NOT IN because of how NULL values are handled in equality comparisons. From the MSDN documentation on ANSI_NULLS: The SQL-92 standard requires that an equals (=) or not equal to (<>) comparison against a null value evaluates to FALSE. When SET ANSI_NULLS is ON, a SELECT statement using WHERE column_name = NULL returns zero rows even if there are null values in column_name. A SELECT statement using WHERE column_name <> NULL returns zero rows even if there are nonnull values in column_name. In fact, the MSDN documentation on the IN operator includes the following blurb about using NULL values in IN sub-queries or expressions that are used with the IN operator: Any null values returned by subquery or expression that are compared to test_expression using IN or NOT IN return UNKNOWN. Using null values in together with IN or NOT IN can produce unexpected results. If I were to include a ‘SET ANSI_NULLS OFF’ command right above my SELECT statement I would get ‘Customer B’ returned in the results, but that’s definitely not the right way to deal with this. We could re-write the query to explicitly include the NULL value in the WHERE clause: 1: SELECT 2: CustomerId, 3: CustomerName, 4: SalesRegionId 5: FROM Customers 6: WHERE (SalesRegionId NOT IN (2,4) OR SalesRegionId IS NULL)   This query works and properly includes ‘Customer B’ in the results, but I ultimately opted to re-write the query using a LEFT OUTER JOIN against a table variable containing all of the values that I wanted to exclude because, in my case, there could potentially be several hundred values to be excluded. If we were to apply the same refactoring to our simple sales region example we’d end up with: 1: DECLARE @regionsToIgnore TABLE (IgnoredRegionId INT) 2: INSERT @regionsToIgnore values (2),(4) 3:  4: SELECT 5: c.CustomerId, 6: c.CustomerName, 7: c.SalesRegionId 8: FROM Customers c 9: LEFT OUTER JOIN @regionsToIgnore r ON r.IgnoredRegionId = c.SalesRegionId 10: WHERE r.IgnoredRegionId IS NULL By performing a LEFT OUTER JOIN from Customers to the @regionsToIgnore table variable we can simply exclude any rows where the IgnoredRegionId is null, as those represent customers that DO NOT appear in the ignored regions list. This approach will likely perform better if the number of sales regions to ignore gets very large and it also will correctly include any customers that do not yet have a sales region.

    Read the article

  • Auditing made easy by Microsoft SQL Server 2008

    Microsoft SQL Server 2008 made the life of a DBA easier by providing an enhanced auditing feature, "SQL Server Audit". The first article of this series illustrates the various components for auditing and the action groups provided by Microsoft SQL Server 2008.

    Read the article

  • Developing and Deploying with SQL Azure

    - by guybarrette
    Microsoft published a short SQL Azure deployment document: This document provides guidelines on how to deploy an existing on-premise SQL Server database into SQL Azure. It also discusses best practices related to data migration. Download it here var addthis_pub="guybarrette";

    Read the article

  • Developing and Deploying with SQL Azure

    Microsoft published a short SQL Azure deployment document: This document provides guidelines on how to deploy an existing on-premise SQL Server database into SQL Azure. It also discusses best practices related to data migration. Download it here var addthis_pub="guybarrette";...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Livros oficiais Microsoft para download

    - by johnywercley
    A MSPress liberou download dos livros Introducing Microsoft SQL Server 2008 R2 e Understanding Virtualization Solutions from Desktop to the Datacenter . O download foi permitido por alguns dias depois será bloqueado. Introducing Microsoft SQL Server 2008 R2 216 páginas do livro são: PART I Database Administration CHAPTER 1 SQL Server 2008 R2 Editions and Enhancements CHAPTER 2 Multi-Server Administration CHAPTER 3 Data-Tier Applications CHAPTER 4 High Availability and Virtualization Enhancements...(read more)

    Read the article

  • Java or C# for a PL/SQL Developer

    - by OracleDeveloper
    Hello, Can you Please suggest as what should be my next carrer move , I am an Oracle Developer , I worked in Forms and reports and know good PL/SQL and SQL. Now , I am thinking to learn new technology as there no jobs in PL/SQL alone and Oracle front-end Forms and reports are on the verge of extinction. The issue is that I have with Java is its HUGE and I need to learn a lot many other technologies as well ( struts , hibernate , spring etc ) in addtion to adv java and Java EE coming. I am think as which technology can give with edge , with PL/SQL and Oracle ... Thank you.

    Read the article

  • Showplan Operator of the week - Assert

    As part of his mission to explain the Query Optimiser in practical terms, Fabiano attempts the feat of describing, one week at a time, all the major Showplan Operators used by SQL Server's Query Optimiser to build the Query Plan. He starts with Assert

    Read the article

  • SQL Auto Close Options

    - by Dave Noderer
    Found an interesting thing that others have run across but it is the first time I’ve seen it. A customer emailed to say that the SQL 2008 db that I had helped him with seemed to be going into recovery mode on a regular basis while watching the SQL Management Studio screen. Needless to say he was a bit nervous and about to take some drastic steps. Eventually he found that the Auto Close option was set to true. When this is set to true, the database automatically closes all connections and unlocks the mdf file after 300 milliseconds. When a new connection is made it spins backup… Great for xcopy deployment on a client machine but not a multi-user server based application. So the warning… if you have started a database with SQL express and then move it to a production SQL server, make sure you check that the Auto Close option is set to false. See options screen below:

    Read the article

  • Microsoft annonce les prochaines dates de sortie de SQL Server, version 2005 (SP4) et 2008 (SP2)

    Mise à jour du 29.03.2010 par Katleen Microsoft dévoile les prochaines dates de sortie de SQL Server, version 2005 (SP4) et 2008 (SP2) L'équipe travaillant sur SQL Serveur vient de publier un billet assez succinct sur son blog, à propos des prochains services packs à sortir. Ces road maps indiquent uniquement les dates de sortie, et pas encore les contenus. SQL Server 2005 (SP4) sera disponible au cours du dernier trimestre 2010, il s'agira du dernier service pack pour cette version. SQL Server 2008 (SP2) devrait sortir lors du troisième trimestre 2010 Plus d'informations à venir sur ces deux sorties bientôt, notamment à propos de leurs contenus. A...

    Read the article

  • Query something and return the reason if nothing has been found

    - by Daniel Hilgarth
    Assume I have a Query - as in CQS that is supposed to return a single value. Let's assume that the case that no value is found is not exceptional, so no exception will be thrown in this case. Instead, null is returned. However, if no value has been found, I need to act according to the reason why no value has been found. Assuming that the Query knows the reason, how would I communicate it to the caller of the Query? A simple solution would be not return the value directly but a container object that contains the value and the reason: public class QueryResult { public TValue Value { get; private set; } public TReason ReasonForNoValue { get; private set; } } But that feels clumsy, because if a value is found, ReasonForNoValue makes no sense and if no value has been found, Value makes no sense. What other options do I have to communicate the reason? What do you think of one event per reason? For reference: This is going to be implemented in C#.

    Read the article

  • News From EAP Testing

    - by Fatherjack
    There is a phrase that goes something like “Watch the pennies and the pounds/dollars will take care of themselves”, meaning that if you pay attention to the small things then the larger things are going to fare well too. I am lucky enough to be a Friend of Red Gate and once in a while I get told about new features in their tools and have a test copy of the software to trial. I got one of those emails a week or so ago and I have been exploring the SQL Prompt 6 EAP since then. One really useful feature of long standing in SQL Prompt is the idea of a code snippet that is automatically pasted into the SSMS editor when you type a few key letters. For example I can type “ssf” and then press the tab key and the text is expanded to SELECT * FROM. There are lots of these combinations and it is possible to create your own really easily. To create your own you use the Snippet Manager interface to define the shortcut letters and the code that you want to have put in their place. Let’s look at an example. Say I am writing a blog about something and want to have the demo code create a temporary table. It might looks like this; The first time you run the code everything is fine, a lovely set of dates fill the results grid but run it a second time and this happens.   Yep, we didn’t destroy the temporary table so the CREATE statement fails when it finds the table already exists. No matter, I have a snippet created that takes care of this.   Nothing too technical here but you will see that in the Code section there is $CURSOR$, this isn’t a TSQL keyword but a marker for SQL Prompt to place the cursor in that position when the Code is pasted into the SSMS Editor. I just place my cursor above the CREATE statement and type “ifobj” – the shortcut for my code to DROP the temporary table – which has been defined in the Snippet Manager as below. This means I am right-away ready to type the name of the offending table. Pretty neat and it’s been very useful in saving me lots of time over many years.   The news for SQL Prompt 6 is that Red Gate have added a new Snippet Command of $PASTE$. Let’s alter our snippet to the following and try it out   Once again, we will type type “ifobj” in the SSMS Editor but first of all, highlight the name of the table #TestTable and copy it to your clipboard. Now type “ifobj” and press Tab… Wherever the string $PASTE$ is placed in the snippet, the contents of your clipboard are merged into the pasted TSQL. This means I don’t need to type the table name into the code snippet, it’s already there and I am seeing a fully functioning piece of TSQL ready to run. This means it is it even easier to write TSQL quickly and consistently. Attention to detail like this from Red Gate means that their developer tools stay on track to keep winning awards year after year and help take the hard work out of writing neat, accurate TSQL. If you want to try out SQL Prompt all the details are at http://www.red-gate.com/products/sql-development/sql-prompt/.

    Read the article

  • Use VS2010 to deploy your SQL Database

    - by mcp111
    Did you know? You can use VS2010 to deploy your SQL databases. To access the deployment tool in Visual Studio 2010 you must first navigate to the project's properties window and find the Package/Publish SQL tab, located just below the Package/Publish Web tab. Here you will find most everything you'll need for deploying SQL databases. http://rachelappel.com/deployment/database-deployment-with-the-vs-2010-package-publish-database-tool/  Tweet

    Read the article

  • SQL Azure Security: DoS Part II

    - by Herve Roggero
    Ah!  When you shoot yourself in the foot... a few times... it hurts! That's what I did on Sunday, to learn more about the behavior of the SQL Azure Denial Of Service prevention feature. This article is a short follow up to my last post on this feature. In this post, I will outline some of the lessons learned that were the result of testing the behavior of SQL Azure from two machines. From the standpoint of SQL Azure, they look like one machine since they are behind a NAT. All logins affected The first thing to note is that all the logins are affected. If you lock yourself out to a specific database, none of the logins will work on that database. In fact the database size becomes "--" in the SQL Azure Portal.   Less than 100 sessions I was able to see 50+ sessions being made in SQL Azure (by looking at sys.dm_exec_sessions) before being locked out. The the DoS feature appears to be triggered in part by the number of open sessions. I could not determine if the lockout is triggered by the speed at which connection requests are made however.   Other Databases Unaffected This was interesting... the DoS feature works at the database level. Other databases were available for me to use.   Just Wait Initially I thought that going through SQL Azure and connecting from there would reset the database and allow me to connect again. Unfortunately this doesn't seem to be the case. You will have to wait. And the more you lock yourself out, the more you will have to wait... The first time the database became available again within 30 seconds or so; the second time within 2-3 minutes and the third time... within 2-3 hours...   Successful Logins The DoS feature appears to engage only for valid logins. If you have a login failure, it doesn't seem to count. I ran a test with over 100 login failures without being locked.

    Read the article

  • We have our standards, and we need them

    - by Tony Davis
    The presenter suddenly broke off. He was midway through his section on how to apply to the relational database the Continuous Delivery techniques that allowed for rapid-fire rounds of development and refactoring, while always retaining a “production-ready” state. He sighed deeply and then launched into an astonishing diatribe against Database Administrators, much of his frustration directed toward Oracle DBAs, in particular. In broad strokes, he painted the picture of a brave new deployment philosophy being frustratingly shackled by the relational database, and by especially by the attitudes of the guardians of these databases. DBAs, he said, shunned change and “still favored tools I’d have been embarrassed to use in the ’80′s“. DBAs, Oracle DBAs especially, were more attached to their vendor than to their employer, since the former was the primary source of their career longevity and spectacular remuneration. He contended that someone could produce the best IDE or tool in the world for Oracle DBAs and yet none of them would give a stuff, unless it happened to come from the “mother ship”. I sat blinking in astonishment at the speaker’s vehemence, and glanced around nervously. Nobody in the audience disagreed, and a few nodded in assent. Although the primary target of the outburst was the Oracle DBA, it made me wonder. Are we who work with SQL Server, database professionals or merely SQL Server fanbois? Do DBAs, in general, have an image problem? Is it a good career-move to be seen to be holding onto a particular product by the whites of our knuckles, to the exclusion of all else? If we seek a broad, open-minded, knowledge of our chosen technology, the database, and are blessed with merely mortal powers of learning, then we like standards. Vendors of RDBMSs generally don’t conform to standards by instinct, but by customer demand. Microsoft has made great strides to adopt the international SQL Standards, where possible, thanks to considerable lobbying by the community. The implementation of Window functions is a great example. There is still work to do, though. SQL Server, for example, has an unusable version of the Information Schema. One cast-iron rule of any RDBMS is that we must be able to query the metadata using the same language that we use to query the data, i.e. SQL, and we do this by running queries against the INFORMATION_SCHEMA views. Developers who’ve attempted to apply a standard query that works on MySQL, or some other database, but doesn’t produce the expected results on SQL Server are advised to shun the Standards-based approach in favor of the vendor-specific one, using the catalog views. The argument behind this is sound and well-documented, and of course we all use those catalog views, out of necessity. And yet, as database professionals, committed to supporting the best databases for the business, whatever they are now and in the future, surely our heart should sink somewhat when we advocate a vendor specific approach, to a developer struggling with something as simple as writing a guard clause. And when we read messages on the Microsoft documentation informing us that we shouldn’t rely on INFORMATION_SCHEMA to identify reliably the schema of an object, in SQL Server!

    Read the article

  • How to connect to database on remote server

    - by user137263
    Where there is VPN to remote server and then access to the database via local network interface, how can one establish a remote link between one's computer (with a programme such as Visual Studio 2010) and SQL Server (e.g. 2008 R2) ? Any attempts to create a direct link to the SQL Server are blocked. Whilst the SQL Server can be configured to allow external access, this provides its own host of problems. Any help would be much appreciated.

    Read the article

  • Troubleshooting Blocked Transaction in SQL Server

    - by ChrisD
    While troubleshooting a blocked transaction issue recently, I found this code online.  My apologies in not citing its source, but its lost in my browse history some where.   While the transaction is executing and blocked, open a connection to the database containing the transaction and run the following to return both the SQL statement blocked (the Victim), as well as the statement that’s causing the block (the Culprit)   -- prepare a table so that we can filter out sp_who2 results DECLARE @who TABLE(BlockedId INT, Status VARCHAR(MAX), LOGIN VARCHAR(MAX), HostName VARCHAR(MAX), BlockedById VARCHAR(MAX), DBName VARCHAR(MAX), Command VARCHAR(MAX), CPUTime INT, DiskIO INT, LastBatch VARCHAR(MAX), ProgramName VARCHAR(MAX), SPID_1 INT, REQUESTID INT) INSERT INTO @who EXEC sp_who2 --select the blocked and blocking queries (if any) as SQL text SELECT ( SELECT TEXT FROM sys.dm_exec_sql_text( (SELECT handle FROM ( SELECT CAST(sql_handle AS VARBINARY(128)) AS handle FROM sys.sysprocesses WHERE spid = BlockedId ) query) ) ) AS 'Blocked Query (Victim)', ( SELECT TEXT FROM sys.dm_exec_sql_text( (SELECT handle FROM ( SELECT CAST(sql_handle AS VARBINARY(128)) AS handle FROM sys.sysprocesses WHERE spid = BlockedById ) query) ) ) AS 'Blocking Query (Culprit)' FROM @who WHERE BlockedById != ' .'

    Read the article

  • Defensive Error Handling

    TRY…CATCH error handling in SQL Server has certain limitations and inconsistencies that will trap the unwary developer, used to the more feature-rich error handling of client-side languages such as C# and Java. In this article, abstracted from his excellent new book, Defensive Database Programming with SQL Server, Alex Kuznetsov offers a simple, robust approach to checking and handling errors in SQL Server, with client-side error handling used to enforce what is done on the server.

    Read the article

  • SQL Saturday #220 Atlanta May 2013!

    - by Most Valuable Yak (Rob Volk)
    If you love SQL Server training and are near the Atlanta area, or just love us so much you're willing to travel here, please come join us for: SQL SATURDAY #220! The main event is Saturday, May 18.  The event is free, with a $10.00 lunch fee.  The main page has more details here: http://www.sqlsaturday.com/220/eventhome.aspx We are also offering pre-conference sessions on Friday, May 17, by 5 world-renowned presenters: Denny Cherry: SQL Server Security Register! Site Twitter Adam Machanic: Surfing the Multicore Wave: Processors, Parallelism, and Performance Register! Site Twitter Stacia Misner: Languages of BI Register! Site Twitter Bill Pearson: Practical Self-Service BI with PowerPivot for Excel Register! Site Twitter Eddie Wuerch: The DBA Skills Upgrade Toolkit Register! Site Twitter         We have an early bird registration price of $119 until noon EST Friday, March 22.  After that the price goes to $149, a STEAL when you compare it to the PASS Summit price. :) Please click on the links to register and for more information.  You can also follow the hash tag #SQLSatATL on Twitter for more news about this event. Can't wait to see you all there!

    Read the article

  • Query a Log4Net-database

    - by pinhack
    So if you use Log4Net to log into a database (i.e. using the AdoNetAppender), how can you conveniently get an overview of what has happend ? Well, you could try the following Query ( T-SQL ):   SELECT convert(varchar(10),LogDB.Date,121) as Datum, LogDB.Level, LogDB.Logger,COUNT(LogDB.Logger) as Counter From Log4Net.dbo.Log as LogDB  where Level <> 'DEBUG' AND convert(varchar(10),LogDB.Date,121) like '2010-03-25' GROUP BY convert(varchar(10),LogDB.Date,121),LogDB.Level,LogDB.Logger ORDER BY counter desc This query will give you the number of events by the Logger at a specified date - and it's easy to customize, just adjust the Date and the Level to your needs. You need a bit more information than that? How about this query:  Select  convert(varchar(10),LogDB.Date,121) as Datum,LogDB.Level,LogDB.Message,LogDB.Logger ,count(LogDB.Message) as counter From Log4Net.dbo.Log as LogDB where Level <> 'DEBUG' AND convert(varchar(10),LogDB.Date,121) like '2010-03-25' GROUP BY convert(varchar(10),LogDB.Date,121),LogDB.Level,LogDB.Message,LogDB.Logger ORDER BY counter desc Similar to the first one, but inclusive the Message - which will return a much larger resultset.

    Read the article

  • Configuring SQL Server Express Edition for remote access

    - by rohancragg
    Originally posted on: http://geekswithblogs.net/rohancragg/archive/2013/07/24/configuring-sql-server-express-edition-for-remote-access.aspxI wanted to access SQL Express on my local machine from within a Client Hyper=V virtual machine on the same Domain. This article got me most of the way there: http://akawn.com/blog/2012/01/configuring-sql-server-2008-r2-express-edition-for-remote-access/ But it was a bit out of date. My steps were: Enable TCP/IP Protocol in SNAC Restart SQL Server Configure (Windows 8) Firewall to allow all Inbound for sqlservr.exe Footnote: I thought this might be relevant (nice to be able to script it): http://support.microsoft.com/kb/968872/en-us But the problem is that this is for fixed ports and not compatible with the (default) Dynamic Ports settings above.

    Read the article

  • Rendez-vous des Experts : SQL Server 2012 Denali, une émission en partenariat avec Developpez.com

    Rendez-vous des Experts : SQL Server 2012 Denali Une émission en partenariat avec Developpez.com SQL Server 2012 (anciennement Denali) est la prochaine version majeure de SQL Server, la plateforme de gestion et d'analyse de l'information de Microsoft. Cette version a été développée autour de trois axes majeurs :Devenir la plateforme de prédilection des applications critiques de l'entreprise, en réduisant le TCO Offrir une solution de business intelligence complète, accessible à tous, simplifiant l'accès à toutes les données de l'entreprise Permettre aux applications d'accéder de façon transparente aux données, qu'elles soient hébergées dans vos ...

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 367 368 369 370 371 372 373 374 375 376 377 378  | Next Page >