A blog about SQL Server, Books, Movies and life in general
Thursday, May 08, 2008
SSMS Tools PACK 1.0 is now available
Here are some of the features
Uppercase/Lowercase keywords.
Run one script on multiple databases.
Copy execution plan bitmaps to clipboard.
Search Results in Grid Mode and Execution Plans.
Generate Insert statements for a single table, the whole database or current resultsets in grids.
Query Execution History (Soft Source Control).
Text document Regions and Debug sections.
Running custom scripts from Object explorer's Context menu.
CRUD (Create, Read, Update, Delete) stored procedure generation.
New query template.
Check it out here: http://www.ssmstoolspack.com/Main.aspx
How to log when a function is called?
This question came up today and here is one way of doing it. It requires running xp_cmdshell so this is probably not such a good idea.
The problem with functions is that you cannot just insert into any table. INSERT, UPDATE, and DELETE statements modifying table variables local to the function.
EXECUTE statements calling an extended stored procedures are allowed.
So with this in mind we know that we can call xp_cmdshell, from xp_cmdshell we can use osql
Let's take a look
We will be using tempdb
--Create the table
USE tempdb
go
CREATE TABLE LogMeNow (SomeValue varchar(50), SomeDate datetime default getdate())
go
--Here is the proc
CREATE PROC prLog
@SomeValue varchar(50)
AS
INSERT LogMeNow (SomeValue) VALUES(@SomeValue)
go
--And here is the function
CREATE FUNCTION fnBla(@id int)
RETURNS int
AS
BEGIN
DECLARE @SQL varchar(500)
SELECT @SQL = 'osql -S' +@@servername +' -E -q "exec tempdb..prLog ''fnBla''"'
EXEC master..xp_cmdshell @SQL
RETURN @id
END
Now call the function a couple of times
SELECT dbo.fnBla(1)
SELECT dbo.fnBla(2)
SELECT dbo.fnBla(4)
SELECT * FROM LogMeNow
What if you were to run this?
SELECT dbo.fnBla(4),* FROM sys.sysobjects
See the problem? The function will be called for every row, if you have a big table this can be problematic!!!!!!!!
I tested this on SQL 2000 and on SQL 2005(including a named instance). So there you have it, this is one way. does it smell kludgy and do I feel somewhat dirty now? yes it does indeed :-(
SQL Teaser: @@ROWCOUNT
SET ROWCOUNT 0
DECLARE @ int
SET @ =6
IF @@ROWCOUNT = 1
PRINT 'yes'
ELSE
PRINT 'no'
PRINT @@rowcount
Wednesday, May 07, 2008
Should SQLServer Have The CREATE [OR REPLACE] PROCEDURE Syntax?
First the advantages
Advantage
When scripting out a database you don’t have to generate if exists.....drop statements
When modifying an object from a file in source control you don’t have to change back and forth between CREATE and ALTER. This is really annoying sometimes; usually you create a proc or script out a proc and store it in Subversion/SourceSafe. Now you take that file, make some changes to the proc and run it. Of course it will tell you that the proc already exists, in general you don’t want to drop the proc and then execute the CREATE proc statement because then you have to worry about the permissions.(not everyone is running as dbo you know)
Disadvantage
I can overwrite a proc without even knowing it. What if we both are working on a proc and somehow we pic the same name I create my proc, you work in a remote location, you create yours and mine is gone.
Of course it is all what you are used to, I am sure the Oracle guys are not overwriting each other’s procs every day either
So what do you think? Would you be in favor of this syntax or not? Can you think of more advantages or disadvantages?
Tuesday, May 06, 2008
What Would You Like To Ask Erland Sommarskog?
The first time I heard of Erland Sommarskog was in the SQL Server programming newsgroups. I also read all the articles on his site. When I answer questions I usually give the link out to these 4 articles
Arrays and Lists in SQL Server
Implementing Error Handling with Stored Procedures
Error Handling in SQL Server – a Background
and of course The curse and blessings of dynamic SQL
I always wondered why he didn't write a SQL book. Hey, now I can ask him that :-)
Before you think of any questions please visit Erland's page first (http://www.sommarskog.se/index.html) and read some of the articles he wrote.
You can submit questions until Monday May 12th and then I will forward the questions to Erland.
What Would You Like To Ask Craig Freedman?
Before you think of any questions please visit Craig's blog first(http://blogs.msdn.com/craigfr/) to get a feel of what kind of questions to ask. It would make sense to keep the questions focused on query processing, query execution, and query plans. I told Craig that if he doesn't like a question that he does not have to answer it.
You can submit questions until Monday May 12th and then I will forward the questions to Craig
Do you depend on sp_depends (no pun intended)
Several people suggested using sp_depends. You can't really depend on sp_depends because of deferred name resolution. Take a look at this
First create this proc
CREATE PROC SomeTestProc
AS
SELECT dbo.somefuction(1)
GO
now create this function
CREATE FUNCTION somefuction(@id int)
RETURNS int
AS
BEGIN
SELECT @id = 1
RETURN @id
END
Go
now run this
sp_depends 'somefuction'
result: Object does not reference any object, and no objects reference it.
Most people will not create a proc before they have created the function. So when does this behavior rear its ugly head? When you script out all the objects in a database, if the function or any objects referenced by an object are created after the object that references them then sp_depends won't be 100% correct
SQL Server 2005 makes it pretty easy to do it yourself
SELECT
specific_name,*FROM information_schema.routines
WHERE
object_definition(object_id(specific_name)) LIKE '%somefuction%'AND
routine_type = 'procedure'
BTW somefuction is not a type, I already had a somefunction but was too lazy to change more than one character
Friday, May 02, 2008
Testing for SQL Server Vulnerabilities
http://www.owasp.org/index.php/Testing_for_SQL_Server
Here is what is covered. Enjoy (or live in fear over the weekend)
1 Brief Summary
2 Short Description of the Issue
3 Black Box testing and example
3.1 SQL Server Peculiarities
3.2 Example 1: Testing for SQL Injection in a GET request.
3.3 Example 2: Testing for SQL Injection in a GET request (2).
3.4 Example 3: Testing in a POST request
3.5 Example 4: Yet another (useful) GET example
3.6 Example 5: custom xp_cmdshell
3.7 Example 6: Referer / User-Agent
3.8 Example 7: SQL Server as a port scanner
3.9 Example 8: Upload of executables
3.10 Obtain information when it is not displayed (Out of band)
3.11 Blind SQL injection attacks
3.11.1 Trial and error
3.11.2 In case more than one error message is displayed
3.11.3 Timing attacks
3.11.4 Checking for version and vulnerabilities
3.12 Example 9: bruteforce of sysadmin password
4 References
Thursday, May 01, 2008
Who do you want to see interviewed next?
Below is the list of all the people so far
Louis Davidson
Itzik Ben-Gan
Ken Henderson
Kalen Delaney
Adam Machanic
Interview With Stéphane Faroult About Refactoring SQL Applications
Database Refactoring Interview With Scott W. Ambler
Interview With Joe Celko About The Forthcoming Book Thinking In Sets
Who else should I interview? I have some ideas but I would like you to participate. Here is my thinking, after we have a list of possible people, I will contact them and ask if they will agree to an interview. If they agree I will make a post here and ask you what you would like to ask this person. I usually have a good set of questions but there might be someone out there with some real good/interesting questions.
So post the name of the person you would like to see interviewed and hopefully this person will agree.
It would be nice if you did not pick a person who blogs at SQLBlog but if_you_really_wanted_to then I will not stop you :-0
Please keep it database related, it doesn't have to be specific to SQL Server but it has to be applicable to SQL Server.
Friday, April 25, 2008
SQL Teaser: Some Things Are Not What They Seem
What does this return?
SELECT ISNUMERIC('+'),ISNUMERIC('–')
Copy and paste it into QA/SSMS to verify :-0
Tuesday, April 22, 2008
How to rename a column in a SQL Server table without using the designer
First create this table
CREATE TABLE TestColumnChange(id int)
INSERT TestColumnChange VALUES(1)
SELECT * FROM TestColumnChange
As you can see the select statement returns id as the column name. you can use ALTER table ALTER Column to change the dataype of a column but not the name.
Here is what we will do, execute the statement below
EXEC sp_rename 'TestColumnChange.[id]', 'value', 'COLUMN'
Now do the select, you will see that the column name has changed
SELECT * FROM TestColumnChange
That is it, very simple
Monday, April 21, 2008
Interview With Stéphane Faroult About Refactoring SQL Applications
I decided to interview Stéphane Faroult, the author of The Art of SQL because it is one of my favorite SQL books. Stéphane told me he has a new book coming out soon, the name of this book is Refactoring SQL Applications and the majority of this interview is focused on that book.
You can find that interview here: Interview With Stéphane Faroult About Refactoring SQL Applications
Tuesday, April 15, 2008
Solutions for Common T-SQL Problems Wiki Launched
Monday, April 14, 2008
Use IDENT_CURRENT() to return the last identity value generated in all tables in a SQL Server Database
SELECT IDENT_CURRENT(table_name),*
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE = 'base table'
AND OBJECTPROPERTY(OBJECT_ID(table_name),'TableHasIdentity')=1
Sunday, April 13, 2008
Links Of The Week 20080414
Database
SQL Server 2005 Memory Limits and Related Questions
Microsoft to Increase Use of SQL Server 2005 Best Practices Analyzer (SQLPBA) - So Should You
SqlClient, System.Transactions, SQL Server 2008, and MARS
Visual Linq query builder for Linq to Sql
Converting an EAV design to sparse columns and populating
How It Works: SQL Server Page Allocations
How It Works: File Streams Requires Integrated Security (Windows Authentication)
Troubleshooting xp_cmdshell failures
How It Works: SQL Server Checkpoint (FlushCache) Outstanding I/O Target
Non DB tech
CSS Message Box collection
WCF: Reliable Messaging and Retry Timeouts
Google Starts to Index the Invisible Web
Download YouTube Videos as MP4 Files
New WCF Adapter Code Samples on MSDN!
IUpdatable & ADO.NET Data Services Framework
.NET Rocks! #332 - Ted Neward on the New Language Renaissance
Non tech
Why 24 hours in a Day?
The Publishing Industry Takes Another Hit
What job ads really mean
It's A Dog, Not A Towel (Pics.)
I've got your Highlander right here! [Pic]
Monday, April 07, 2008
Video: SQL Server Data Services Architecture
Watch it here: http://channel9.msdn.com/ShowPost.aspx?PostID=395843#395843
Saturday, April 05, 2008
Links Of The Week 20080405
Database
Send Table or View as embedded HTML in an email – stored procedure
How It Works: SQL Server 2005 DBCC Shrink* May Take Longer Than SQL Server 2000
How It Works: Non-Yielding Resource Monitor
Overhead of Row Versioning
TempDB:: Table variable vs local temporary table
sp_helpindex2 to show included columns (2005+) and filtered indexes (2008) which are not shown by sp_helpindex
Yet Another Stored Procedure vs. Ad-hoc Query Discussion?
Geek City: How SQL Server Detects the Correct Versioned Rows
SQLIOSim is "NOT" an I/O Performance Tuning Tool
Forensic Analysis of a SQL Server 2005 Database Server
Non DB tech
Microsoft Live Search Gains Market Share
Unit Testing with Silverlight
Using Spring.NET and NHibernate with ASP.NET MVC
Enterprise Library 4.0 Community Technology Preview
Hanselminutes Podcast 107 - Digital Photography Explained (for Geeks) with Aaron Hockley
How do Extension Methods work and why was a new CLR not required?
Core War: Two Programs Enter, One Program Leaves
How to set an IIS Application or AppPool to use ASP.NET 3.5 rather than 2.0
Let That Be a Lesson To You, Son: Never Upgrade.
Silverlight 2 DIGG Sample Part I
Silverlight 2 DIGG Sample Part II
Silverlight 2 DIGG Sample Part III
Google Developer Podcast: Picasa Web and Google Gears for Mobile
Ted Neward: On Java and .NET, Software Academics versus Practioners, General Purpose Programming Languages
Whirlwind 7: What's New in C# 3 - Lambda Expressions
Google To Launch BigTable As Web Service To Compete With Amazon's SimpleDB
Non tech
SMCB: Charles Manson Pulls a Radiohead
Possibly the best name ever.
Thank God for Torrents (Pic)
Wednesday, April 02, 2008
Database Refactoring Interview With Scott W. Ambler
Scott W. Ambler is the Practice Leader Agile Development for IBM Rational
You can find more about Scott here: http://www.ibm.com/software/rational/bios/ambler.html
I did not feel like duplicating the content here so you can read the interview here: Database Refactoring Interview With Scott W. Ambler
Tuesday, April 01, 2008
SQL Champ - A Quiz to Prove Your SQL Knowledge
Take the test here: SQL Champ - A Quiz to Prove Your SQL Knowledge
And did you get everything correct?
And yes they wrote Knowlege instead of Knowledge :-)
Not An April Fool’s Joke: SQL Server 2000 Mainstream Support Ends In A Week
SQL 2000 SP4 - currently supported; support ends on either 12 months after SP5 is released or on 4/8/2008 whichever comes first. Extended support under which you get only break-fix assistance via Premier ends on 4/9/2013. I am not aware of release date for SP5 so far.
SQL 2005 SP2 - currently supported; support ends on either 12 months after SP3 is released or on 4/12/2011 whichever comes first. Extended support under which you get only break-fix assistance via Premier ends on 4/13/2016
More details can be found here: http://blogs.msdn.com/sqlreleaseservices/archive/2007/07/12/sql-server-support-lifetimes-customer-actions.aspx
And here:
http://support.microsoft.com/lifecycle/?p1=2852