Search Results

Search found 27339 results on 1094 pages for 'sql tempdb'.

Page 393/1094 | < Previous Page | 389 390 391 392 393 394 395 396 397 398 399 400  | Next Page >

  • Are PDO prepared statements sufficient to prevent SQL injection?

    - by Mark Biek
    Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); The PDO documentation says The parameters to prepared statements don't need to be quoted; the driver handles it for you. Is that truly all I need to do to avoid SQL injections? Is it really that easy? You can assume MySQL if it makes a difference. Also, I'm really only curious about the use of prepared statements against SQL injection. In this context, I don't care about XSS or other possible vulnerabilities.

    Read the article

  • What's the best way to test SQL Server connection programmatically?

    - by backslash17
    I need to develop a single routine that will be fired each 5 minutes to check if a list of SQL Servers (10 to 12) are up and running. I can try to obtain a simple query in each one of the servers but this means that I have to create a table, view or stored procedure in every server, even if I use any already made SP I need to have a registered user in each server too. The servers are not in the same physical location so having those requirements would be a complex task. Is there a way to simply "ping" from C# one SQL Server? Thanks in advance!

    Read the article

  • Which workaround to use for the following SQL deadlock?

    - by Marko
    I found a SQL deadlock scenario in my application during concurrency. I belive that the two statements that cause the deadlock are (note - I'm using LINQ2SQL and DataContext.ExecuteCommand(), that's where this.studioId.ToString() comes into play): exec sp_executesql N'INSERT INTO HQ.dbo.SynchronizingRows ([StudioId], [UpdatedRowId]) SELECT @p0, [t0].[Id] FROM [dbo].[UpdatedRows] AS [t0] WHERE NOT (EXISTS( SELECT NULL AS [EMPTY] FROM [dbo].[ReceivedUpdatedRows] AS [t1] WHERE ([t1].[StudioId] = @p0) AND ([t1].[UpdatedRowId] = [t0].[Id]) ))',N'@p0 uniqueidentifier',@p0='" + this.studioId.ToString() + "'; and exec sp_executesql N'INSERT INTO HQ.dbo.ReceivedUpdatedRows ([UpdatedRowId], [StudioId], [ReceiveDateTime]) SELECT [t0].[UpdatedRowId], @p0, GETDATE() FROM [dbo].[SynchronizingRows] AS [t0] WHERE ([t0].[StudioId] = @p0)',N'@p0 uniqueidentifier',@p0='" + this.studioId.ToString() + "'; The basic logic of my (client-server) application is this: Every time someone inserts or updates a row on the server side, I also insert a row into the table UpdatedRows, specifying the RowId of the modified row. When a client tries to synchronize data, it first copies all of the rows in the UpdatedRows table, that don't contain a reference row for the specific client in the table ReceivedUpdatedRows, to the table SynchronizingRows (the first statement taking part in the deadlock). Afterwards, during the synchronization I look for modified rows via lookup of the SynchronizingRows table. This step is required, otherwise if someone inserts new rows or modifies rows on the server side during synchronization I will miss them and won't get them during the next synchronization (explanation scenario to long to write here...). Once synchronization is complete, I insert rows to the ReceivedUpdatedRows table specifying that this client has received the UpdatedRows contained in the SynchronizingRows table (the second statement taking part in the deadlock). Finally I delete all rows from the SynchronizingRows table that belong to the current client. The way I see it, the deadlock is occuring on tables SynchronizingRows (abbreviation SR) and ReceivedUpdatedRows (abbreviation RUR) during steps 2 and 3 (one client is in step 2 and is inserting into SR and selecting from RUR; while another client is in step 3 inserting into RUR and selecting from SR). I googled a bit about SQL deadlocks and came to a conclusion that I have three options. Inorder to make a decision I need more input about each option/workaround: Workaround 1: The first advice given on the web about SQL deadlocks - restructure tables/queries so that deadlocks don't happen in the first place. Only problem with this is that with my IQ I don't see a way to do the synchronization logic any differently. If someone wishes to dwelve deeper into my current synchronization logic, how and why it is set up the way it is, I'll post a link for the explanation. Perhaps, with the help of someone smarter than me, it's possible to create a logic that is deadlock free. Workaround 2: The second most common advice seems to be the use of WITH(NOLOCK) hint. The problem with this is that NOLOCK might miss or duplicate some rows. Duplication is not a problem, but missing rows is catastrophic! Another option is the WITH(READPAST) hint. On the face of it, this seems to be a perfect solution. I really don't care about rows that other clients are inserting/modifying, because each row belongs only to a specific client, so I may very well skip locked rows. But the MSDN documentaion makes me a bit worried - "When READPAST is specified, both row-level and page-level locks are skipped". As I said, row-level locks would not be a problem, but page-level locks may very well be, since a page might contain rows that belong to multiple clients (including the current one). While there are lots of blog posts specifically mentioning that NOLOCK might miss rows, there seems to be none about READPAST (never) missing rows. This makes me skeptical and nervous to implement it, since there is no easy way to test it (implementing would be a piece of cake, just pop WITH(READPAST) into both statements SELECT clause and job done). Can someone confirm whether the READPAST hint can miss rows? Workaround 3: The final option is to use ALLOW_SNAPSHOT_ISOLATION and READ_COMMITED_SNAPSHOT. This would seem to be the only option to work 100% - at least I can't find any information that would contradict with it. But it is a little bit trickier to setup (I don't care much about the performance hit), because I'm using LINQ. Off the top of my head I probably need to manually open a SQL connection and pass it to the LINQ2SQL DataContext, etc... I haven't looked into the specifics very deeply. Mostly I would prefer option 2 if somone could only reassure me that READPAST will never miss rows concerning the current client (as I said before, each client has and only ever deals with it's own set of rows). Otherwise I'll likely have to implement option 3, since option 1 is probably impossible... I'll post the table definitions for the three tables as well, just in case: CREATE TABLE [dbo].[UpdatedRows]( [Id] [uniqueidentifier] NOT NULL ROWGUIDCOL DEFAULT NEWSEQUENTIALID() PRIMARY KEY CLUSTERED, [RowId] [uniqueidentifier] NOT NULL, [UpdateDateTime] [datetime] NOT NULL, ) ON [PRIMARY] GO CREATE NONCLUSTERED INDEX IX_RowId ON dbo.UpdatedRows ([RowId] ASC) WITH (STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] GO CREATE TABLE [dbo].[ReceivedUpdatedRows]( [Id] [uniqueidentifier] NOT NULL ROWGUIDCOL DEFAULT NEWSEQUENTIALID() PRIMARY KEY NONCLUSTERED, [UpdatedRowId] [uniqueidentifier] NOT NULL REFERENCES [dbo].[UpdatedRows] ([Id]), [StudioId] [uniqueidentifier] NOT NULL REFERENCES, [ReceiveDateTime] [datetime] NOT NULL, ) ON [PRIMARY] GO CREATE CLUSTERED INDEX IX_Studios ON dbo.ReceivedUpdatedRows ([StudioId] ASC) WITH (STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] GO CREATE TABLE [dbo].[SynchronizingRows]( [StudioId] [uniqueidentifier] NOT NULL [UpdatedRowId] [uniqueidentifier] NOT NULL REFERENCES [dbo].[UpdatedRows] ([Id]) PRIMARY KEY CLUSTERED ([StudioId], [UpdatedRowId]) ) ON [PRIMARY] GO PS! Studio = Client. PS2! I just noticed that the index definitions have ALLOW_PAGE_LOCK=ON. If I would turn it off, would that make any difference to READPAST? Are there any negative downsides for turning it off?

    Read the article

  • 'Timeout Expired' error against local SQL Express on only 2 LINQ Methods...

    - by Refracted Paladin
    I am going to sum up my problem first and then offer massive details and what I have already tried. Summary: I have an internal winform app that uses Linq 2 Sql to connect to a local SQL Express database. Each user has there own DB and the DB stay in sync through Merge Replication with a Central DB. All DB's are SQL 2005(sp2or3). We have been using this app for over 5 months now but recently our users are getting a Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. Detailed: The strange part is they get that in two differnt locations(2 differnt LINQ Methods) and only the first time they fire in a given time period(~5mins). One LINQ method is pulling all records that match a FK ID and then Manipulating them to form a Heirarchy View for a TreeView. The second is pulling all records that match a FK ID and dumping them into a DataGridView. The only things I can find in common with the 2 are that the first IS an IEnumerable and the second converts itself from IQueryable - IEnumerable - DataTable... I looked at the query's in Profiler and they 'seemed' normal. They are not very complicated querys. They are only pulling back 10 - 90 records, from one table. Any thoughts, suggestions, hints whatever would be greatly appreciated. I am at my wit's end on this.... public IList<CaseNoteTreeItem> GetTreeViewDataAsList(int personID) { var myContext = MatrixDataContext.Create(); var caseNotesTree = from cn in myContext.tblCaseNotes where cn.PersonID == personID orderby cn.ContactDate descending, cn.InsertDate descending select new CaseNoteTreeItem { CaseNoteID = cn.CaseNoteID, NoteContactDate = Convert.ToDateTime(cn.ContactDate). ToShortDateString(), ParentNoteID = cn.ParentNote, InsertUser = cn.InsertUser, ContactDetailsPreview = cn.ContactDetails.Substring(0, 75) }; return caseNotesTree.ToList<CaseNoteTreeItem>(); } AND THIS ONE public static DataTable GetAllCNotes(int personID) { using (var context = MatrixDataContext.Create()) { var caseNotes = from cn in context.tblCaseNotes where cn.PersonID == personID orderby cn.ContactDate select new { cn.ContactDate, cn.ContactDetails, cn.TimeSpentUnits, cn.IsCaseLog, cn.IsPreEnrollment, cn.PresentAtContact, cn.InsertDate, cn.InsertUser, cn.CaseNoteID, cn.ParentNote }; return caseNotes.ToList().CopyLinqToDataTable(); } }

    Read the article

  • Japanese character stored in SQL Server DB using ASP page that assumed it as ISO-8859-1 encoding

    - by Vishal Seth
    We have a legacy ASP based product that allowed the UI and Data languages of user groups to be configured according to their locations. CodePage and CharSet in ASP pages collecting data was set accordingly. I've noticed few instances in the SQL Server DB where users posted Japanese characters in the ASP page that assumes the oncoming stream to be of ISO-8859-1/Western and as a result, the data in the SQL table has gobbled up. While upgrading the client to our new product, I want to back-convert those "garbage" Japanese (in some instances Chinese) characters back to their actual form. Can I create some utility ASP page that would go through such data values and "fix" the wrongly-encoded strings and store everything back as utf-8 strings? In any case, I don't want to affect my French/Spanish/English characters that might be there as well.

    Read the article

  • How can I convert SQL comments with -- to # using Perl?

    - by NJTechie
    I have various SQL files with '--' comments and we migrated to the latest version of MySQL and it hates these comments. I want to replace -- with #. I am looking for a recursive, inplace replace one-liner. This is what I have: perl -p -i -e 's/--/# /g'` ``fgrep -- -- * A sample .sql file: use myDB; --did you get an error I get the following error: Unrecognized switch: --did (-h will show valid options). p.s : fgrep skipping 2 dashes was just discussed here if you are interested. Any help is appreciated.

    Read the article

  • How to Merge two databases in one in SQL Server 2008?

    - by SzamDev
    Hi I have 2 PCs, each one of them has SQL Server 2008 installed on it and there is a database with data in it. I need a way that I can move data in my DB from this SQL Server to another one (another PC which has the same DB) move data from one PC to another one - There is one problem, the ID column, because each DB in my 2 PCs has data in it so this column counts from 1,2,3,....... ( data will be conflict with other data in my DB ) Is there any way to solve my problem and move data successfully?

    Read the article

  • Best way to move a bunch of SQL Server 2005 tables to another Server?

    - by Mikecancook
    I've been looking for a way to move a bunch of tables, more than 40, to another server with all the data in them. I've looked around for scripts to generate inserts but so far I'd have to run them once for every table, then copy all the scripts over and then run them on the server. Seems like there is a better way. --Update-- My strategy for doing this may have been for naught. The end script, using MS SQL Server Publishing Wizard and Red Gates SQL Data Compare (excellent tool, btw) results in a file over 1GB. This makes my system plead for mercy and I'm not willing to risk crashing a clients server just opening the file to run it. I may have to rethink this whole thing and break down to just individual per table scripts. I'm not looking forward to that.

    Read the article

  • How can I know when SQL Full Text Index Population is finished?

    - by GarethOwen
    We are writing unit tests for our ASP.NET application that run against a test SQL Server database. That is, the ClassInitialize method creates a new database with test data, and the ClassCleanup deletes the database. We do this by running .bat scripts from code. The classes under test are given a connection string that connects to the unit test database rather than a production database. Our problem is, that the database contains a full text index, which needs to be fully populated with the test data in order for our tests to run as expected. As far as I can tell, the fulltext index is always populated in the background. I would like to be able to either: Create the full text index, fully populated, with a synchronous (transact-SQL?) statement, or Find out when the fulltext population is finished, is there a callback option, or can I ask repeatedly? My current solution is to force a delay at the end the class initialize method - 5 seconds seems to work - because I can't find anything in the documentation.

    Read the article

  • How can I replace ” with " in ASP.NET SQL?

    - by vamsivanka
    I am trying to run this SQL from ASP.NET 2005 but am getting an invalid SQL error because it has a weird character ” in it. In my code I am trying to replace ” with " but it is not doing it as the special character in the replace command is changing to ". Query: insert into userquery(description) values ('In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”') If I copy and execute this in mysql it is working good. How can I solve this problem?

    Read the article

  • In SQL, how can I count the number of values in a column and then pivot it so the column becomes the

    - by Josh Yeager
    I have a survey database with one column for each question and one row for each person who responds. Each question is answered with a value from 1 to 3. Id Quality? Speed? -- ------- ----- 1 3 1 2 2 1 3 2 3 4 3 2 Now, I need to display the results as one row per question, with a column for each response number, and the value in each column being the number of responses that used that answer. Finally, I need to calculate the total score, which is the number of 1's plus two times the number of 2's plus three times the number of threes. Question 1 2 3 Total -------- -- -- -- ----- Quality? 0 2 2 10 Speed? 2 1 1 7 Is there a way to do this in set-based SQL? I know how to do it using loops in C# or cursors in SQL, but I'm trying to make it work in a reporting tool that doesn't support cursors.

    Read the article

  • I want to exchange the Value of a column in two different rows in Microsoft SQL server

    - by Silmaril89
    Hi, I want to do the following two SQL Queries in Microsoft SQL SERVER UPDATE Partnerships SET sortOrder = 2 WHERE sortOrder = 1; UPDATE Partnerships SET sortOrder = 1 WHERE sortOrder = 2; The only problem is, I don't allow for sortOrder to contain the same value, it is a unique key. How could I get around this, because the first query violates the unique key rule and terminates? Or will I have to get rid of the unique key rule I have? Thanks!

    Read the article

  • Is there a way to customise messages produced by statements in MS SQL Query Analyzer?

    - by Scott Leis
    If I run a simple query in SQL Query Analyzer, like: SELECT * FROM TableName the Messages pane always produces a message like: (30 row(s) affected) If I run a stored procedure with many statements, the messages are useless because there's no indication of what each one relates to. So firstly: Is there a way to customise the default messages on a per-query basis? E.g. I'd like a specific query to produce a message like: TableName query produced [numRowsAffected] results. replacing [numRowsAffected] with the number that would have appeared in the default message. Secondly, is there a way to suppress the default messages on a per-query basis? E.g. I have a local variable of type TABLE, used in several statements. I don't want any message to appear for statements where I'm just deleting data from that variable before re-using it. I'm seeking solutions that work in SQL Server 8.0.

    Read the article

  • Is there a tool that will show diagrams of my SQL database in real-time?

    - by Rising Star
    I've created some diagrams of SQL tables using the "Reverse Engineer" feature of Microsoft Office Visio. I like being able to visualize my relational databases in this manner. However, what I get is just a static document that I can print, e-mail to colleagues, and click widgets on. Earlier this year, I saw at a demo that the new version of Visual Studio 2010 has a new feature called the "Architect Explorer", which allows developers to view relationships among .net classes on the fly. It has many features for filtering the data that the developer is interested in. It would be really awesome if I could visually browse my tables and stored procedures and see what is related to what by primary key, foreign key, and referenced in stored procedures. I realize that I'm talking about two entirely different technologies and it's not a perfect analogy, but is there some similar tool that would allow me to visualize tables in my SQL database?

    Read the article

  • Is there an alternative of using a VBScript for enabling FileStream after SQL Server installation?

    - by user193655
    To use Filestream on a DB 3 steps must be done: 1) enable it a server/instance level 2) enable it (sp_configure) at DB level 3) create a varbinary(max) field that supports filestream (2) and (3) are done easily with T-SQL (1) is doable manually from SQL Server Configuration Manager, basically what I need is to check all the 3 checkboxes: but how is it possible to automize it? I found this artcile "Enabling filestream usin a VBScript", is there another way to do it than using VBScripts? May be something that is possible to do only with 2008R2? In case it VBScript is the only solution, which are the possible downsides?

    Read the article

  • How can I fake sql data while preserving statements without commenting my server-side code?

    - by Fedor
    I have to use hardcoded values for certain fields because at this moment we don't have access to the real data. When we do get access, I don't want to go through a lot of work uncommenting. Is it possible to keep this statement the way it is, except use '25' as the alias for ratecode? IF(special.ratecode IS NULL, br.ratecode, special.ratecode) AS ratecode, I have about 8 or so IF statements similar to this and I'm just too lazy ( even with vim ) to re-append while commenting out each if statement line by line. I would have to do this: $sql = 'SELECT u.*,'; // IF ( special.ratecode IS NULL, br.ratecode, special.ratecode) AS ratecode $sql.= '25 AS ratecode';

    Read the article

  • How to log the raw SQL from Oracle occi C++ api?

    - by savanna
    One of our customers is complaining our application is not working. Their reasoning is that our sql function call to their Oracle database is not getting the "expected" result. Sometime, it should failed but our application get success from their database. It's really frustrating because it's their database and we cannot do any test on it. We are using the C++ Oracle OCCI API. Is there anyway we can log the raw sql from our end? That will be very helpful and we can ship the script to them and let them debug in their system to figure out the problem. Thanks in advance.

    Read the article

  • Can a SQL Server 2008 database support both a REST and SOAP web services within two different endpoints?

    - by PaulDecember
    Say you have a SQL Server 2008 database. You build a SOAP web service. You then deploy or publish this using Visual Studio 2010 in one website. Now, using the same database, you build a REST web service, in a different solution. You deploy this on another website. Can you consume the endpoints and/or .svc file of both the SOAP and REST web services, though they reference the same SQL Server 2008 database? I don't see why not, but before I go down this path and spend days I'd like to make sure. Also if there's a performance hit to the database if it is running both SOAP and REST at the same time--again, I don't see why it would matter, but I must make sure. Thanks.

    Read the article

  • How to make UPDATE queries in LINQ to SQL?

    - by Alex
    I like using LINQ to SQL. The only problem is that I don't like the default way of updating tables. Let's say I have the following table with the following columns: ID (primary key), value1, value2, value3, value4, value5 When I need to update something I call UPDATE ... WHERE ID=@id LINQ to SQL call UPDATE ... WHERE ID=@id and value1=@value1 and value2=@value2 and value3=@value3 and value4=@value4 and value5=@value5 I can override this behavior by adding UpdateCheck=UpdateCheck.Never to every column, but with every update of the DataContext class with the GUI, this will be erased. Is there any way to tell LINQ to use this way of updating data?

    Read the article

  • how to get the second batch and 3rd batch in the same query result in oracle sql + yii framework?

    - by sasori
    let' say i have 20 results in the sql query. if am gonna use the limit in the yii active record, I'll obviously get the first four from the result, but what if i wanna get the 2nd four and then 3rd four in the same query result ? how to query that via sql ? e.g $criteria2 = new CDbCriteria(); $criteria2->select = 'USERID, ADID ,ADTYPE, ADTITLE, ADDESC, PAGEVIEW, DISPPUBLISHDATE'; $criteria2->addCondition("STATUS = 1"); $criteria2->order = '"t".PAGEVIEW DESC,"t".PUBLISHDATE DESC'; $criteria2->limit = 4; $criteria2->with = array('subcat','adimages'); $result = $this->findAll($criteria2); return $result;

    Read the article

< Previous Page | 389 390 391 392 393 394 395 396 397 398 399 400  | Next Page >