A blog about SQL Server, Books, Movies and life in general
Wednesday, July 02, 2008
Awesome Collection Of ASP.NET Hacks, Tips and Tricks
we have the following categories
1 Applications
2 Caching
3 Controls
4 Database
5 Dates
6 Debugging
7 Email
8 Encryption
9 Files
10 Images
11 Javascript
12 Objects and Classes
13 Pages
14 Sessions
15 Strings
16 Validation
17 Visual Studio
18 Web
The URL to these hacks is here: http://wiki.lessthandot.com/index.php/ASP.NET_Hacks
Bookmark that URL because we will be adding more hacks, tips and tricks
Interview With SSIS Guru Jamie Thomson
Tuesday, July 01, 2008
I tried to keep it a secret but it is all over the internet: I am a SQL Server MVP
Congratulations, Denis!
SQL Server MVP - Denis Gobo
and even an announcement on lessthandot
My profile is here: https://mvp.support.microsoft.com/profile=BCCF7416-DA4E-4D73-83E2-65FD61BAB16D
Stay tuned, I will have an interview with Jamie Thomson tomorrow
Thursday, June 26, 2008
Working On SQL Admin Hacks, Tips and Tricks
Can you think of any admin stuff you would like to see? This is what we have right now
Find Primary Keys and Columns Used in SQL Server
Get The Domain Name Of Your SQL Server Machine With T-SQL
Grant Execute/SELECT Permissions For All User Defined Functions To A User
Grant Execute Permissions For All Stored Procedures To A User
Kill All Active Connections To A Database
SQL Server 2008: When Was The Server Last Started?
Check If Auto Update Statistics Is Enabled By Using DATABASEPROPERTY
Three Way To List All Databases On Your Server
Generate A List Of Object Types By Using OBJECTPROPERTY
How to find all the tables and views in a database
Find Out Server Roles For a SQL Server Login
Which Service Pack Is Installed On My SQL Server
Test SQL Server Login Permissions With SETUSER
Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection. SQL 2000
Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection. SQL 2005
Compare Tables With Tablediff
Find All Tables Without Triggers In SQL Server
Find All Tables With Triggers In SQL Server
Create Stored Procedures That Run At SQL Server Startup
Cycle The SQL Server Error Log
How to read sql server error messages
Use OBJECT_DEFINITION To Track SQL Server Stored Procedure Changes
SQL Compare Without The Price Tag
How To Get The Database Name For The Current User Process
How To Find Out Which Columns Have Defaults And What Those Default Values Are
Fixing Cannot add, update, or delete a job that originated from an MSX Server Error after renaming a server
Tuesday, June 10, 2008
SQL Server 2008 Release Candidate 0 Available To The General Public For Download
There are 2 versions (and 3 flavors of each) ISO or DVD
Download it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=35F53843-03F7-4ED5-8142-24A4C024CA05&displaylang=en
Don't forget to also visit the SQL Server 2008 Release Candidate 0 connect site here: https://connect.microsoft.com/SQLServer/content/content.aspx?ContentID=5395
Friday, June 06, 2008
Puzzle: Friday the Thirteenths
The goal is to identify all friday the thirteenths for a given timeframe. We'll use a relatively small number of years, like 10. This should make it a little easier in procedural languages.
I posted my SQL solution, what about you?
Go here: Friday the Thirteenths and show me what you got. Make sure to use the [hide][/hide] tags so you don't spoil it for other people
Sunday, June 01, 2008
Less Than Dot A New community Site Has Been Launched
Since I am mostly a SQL guy, I wrote a collection of SQL Server hacks. This collection of SQL hacks is available on the Wiki, right now we have 8 sections and between 70 and 80 hacks. Ideally we will have more hacks and we will also have a SQL admin hacks page in the future.
SQL Server Hacks Sections
* 1 NULLS
* 2 Dates
* 3 Sorting, Limiting Ranking, Transposing and Pivoting
* 4 Handy tricks
* 5 Pitfalls
* 6 Query Optimization
* 7 Undocumented but handy
* 8 Usefull Admin stuff For The Developer
Below are some direct links to a couple hacks, you can also get a list of all the hacks on the wiki itself here: SQL Server Programming Hacks
- Trouble With ISDATE And Converting To SMALLDATETIME
Row To Column (PIVOT)
Column To Row (UNPIVOT)
Five ways to return all rows from one table which are not in another table
Order IP Addresses
Use XACT_STATE() To Check For Doomed Transactions
Three differences between COALESCE and ISNULL
Case sensitive search
Use the sys.dm_db_index_usage_stats dmv to check if indexes are being used
Hopefully you will like the site and find some good content, if you have a question then don't hesitate to ask it in a forum.
Tuesday, May 27, 2008
SQL Teaser uniqueidentifier
CREATE TABLE #bla (SomeVal uniqueidentifier)
INSERT #bla VALUES('D903D52D-DBFA-4904-9D95-F265152A391F')
what do you think this will return?
SELECT * FROM #bla
WHERE SomeVal = 'D903D52D-DBFA-4904-9D95-F265152A391F12345678910'
UNION ALL
SELECT * FROM #bla
WHERE SomeVal = 'D903D52D-DBFA-4904-9D95-F265152A391F1'
Surprised?
What about this?
SELECT * FROM #blaWHERE SomeVal = CONVERT(uniqueidentifier,'D903D52D-DBFA-4904-9D95-F265152A391F12345678910')
Interview With Erland Sommarskog About SQL Server and Transact SQL
Enjoy
Friday, May 23, 2008
Interview With Craig Freedman About Indexing, Query Plans And Performance
Enjoy
Wednesday, May 21, 2008
I have a question for you on DB development blunders!
Here are a couple of things
Starting a begin tran, then some insert/update command, never commiting but minimizing the window.
Here is my all time favorite, can you reduce this by 90%?
declare @Token int
select @Token = 51234567
declare @val int
if left(@Token,1) = 1
select @val = 1
else if left(@Token,1) = 2
select @val = 2
else if left(@Token,1) = 3
select @val = 3
else if left(@Token,1) = 4
select @val = 4
else if left(@Token,1) = 5
select @val = 5
else if left(@Token,1) = 6
select @val = 6
else if left(@Token,1) = 7
select @val = 7
else if left(@Token,1) = 8
select @val = 8
else if left(@Token,1) = 9
select @val = 9
else if left(@Token,1) = 0
select @val = 0
select @val
Actually we put that on the whiteboard after we found it in our code and every time the developer wanted something we teased him about it...Oh you mean like that (pointing to the whiteboard)
What about changing the datatype from smallint to int in the table but keeping the params smallint in the proc.....mmmm why do I get a conversion in the execution plan?
So let's here some of what you have seen others write, we all know we couldn't write stuff like that ourselves right? :-)
Monday, May 19, 2008
Spring Cleaning, Getting Rid Of Some Books
I got rid of these books because:
I got a new version
I don't use the technology anymore
The book is obsolete
Click on the image and you can see a bigger version on my flickr page.
Thursday, May 08, 2008
SSMS Tools PACK 1.0 is now available
Here are some of the features
Uppercase/Lowercase keywords.
Run one script on multiple databases.
Copy execution plan bitmaps to clipboard.
Search Results in Grid Mode and Execution Plans.
Generate Insert statements for a single table, the whole database or current resultsets in grids.
Query Execution History (Soft Source Control).
Text document Regions and Debug sections.
Running custom scripts from Object explorer's Context menu.
CRUD (Create, Read, Update, Delete) stored procedure generation.
New query template.
Check it out here: http://www.ssmstoolspack.com/Main.aspx
How to log when a function is called?
This question came up today and here is one way of doing it. It requires running xp_cmdshell so this is probably not such a good idea.
The problem with functions is that you cannot just insert into any table. INSERT, UPDATE, and DELETE statements modifying table variables local to the function.
EXECUTE statements calling an extended stored procedures are allowed.
So with this in mind we know that we can call xp_cmdshell, from xp_cmdshell we can use osql
Let's take a look
We will be using tempdb
--Create the table
USE tempdb
go
CREATE TABLE LogMeNow (SomeValue varchar(50), SomeDate datetime default getdate())
go
--Here is the proc
CREATE PROC prLog
@SomeValue varchar(50)
AS
INSERT LogMeNow (SomeValue) VALUES(@SomeValue)
go
--And here is the function
CREATE FUNCTION fnBla(@id int)
RETURNS int
AS
BEGIN
DECLARE @SQL varchar(500)
SELECT @SQL = 'osql -S' +@@servername +' -E -q "exec tempdb..prLog ''fnBla''"'
EXEC master..xp_cmdshell @SQL
RETURN @id
END
Now call the function a couple of times
SELECT dbo.fnBla(1)
SELECT dbo.fnBla(2)
SELECT dbo.fnBla(4)
SELECT * FROM LogMeNow
What if you were to run this?
SELECT dbo.fnBla(4),* FROM sys.sysobjects
See the problem? The function will be called for every row, if you have a big table this can be problematic!!!!!!!!
I tested this on SQL 2000 and on SQL 2005(including a named instance). So there you have it, this is one way. does it smell kludgy and do I feel somewhat dirty now? yes it does indeed :-(
SQL Teaser: @@ROWCOUNT
SET ROWCOUNT 0
DECLARE @ int
SET @ =6
IF @@ROWCOUNT = 1
PRINT 'yes'
ELSE
PRINT 'no'
PRINT @@rowcount
Wednesday, May 07, 2008
Should SQLServer Have The CREATE [OR REPLACE] PROCEDURE Syntax?
First the advantages
Advantage
When scripting out a database you don’t have to generate if exists.....drop statements
When modifying an object from a file in source control you don’t have to change back and forth between CREATE and ALTER. This is really annoying sometimes; usually you create a proc or script out a proc and store it in Subversion/SourceSafe. Now you take that file, make some changes to the proc and run it. Of course it will tell you that the proc already exists, in general you don’t want to drop the proc and then execute the CREATE proc statement because then you have to worry about the permissions.(not everyone is running as dbo you know)
Disadvantage
I can overwrite a proc without even knowing it. What if we both are working on a proc and somehow we pic the same name I create my proc, you work in a remote location, you create yours and mine is gone.
Of course it is all what you are used to, I am sure the Oracle guys are not overwriting each other’s procs every day either
So what do you think? Would you be in favor of this syntax or not? Can you think of more advantages or disadvantages?
Tuesday, May 06, 2008
What Would You Like To Ask Erland Sommarskog?
The first time I heard of Erland Sommarskog was in the SQL Server programming newsgroups. I also read all the articles on his site. When I answer questions I usually give the link out to these 4 articles
Arrays and Lists in SQL Server
Implementing Error Handling with Stored Procedures
Error Handling in SQL Server – a Background
and of course The curse and blessings of dynamic SQL
I always wondered why he didn't write a SQL book. Hey, now I can ask him that :-)
Before you think of any questions please visit Erland's page first (http://www.sommarskog.se/index.html) and read some of the articles he wrote.
You can submit questions until Monday May 12th and then I will forward the questions to Erland.
What Would You Like To Ask Craig Freedman?
Before you think of any questions please visit Craig's blog first(http://blogs.msdn.com/craigfr/) to get a feel of what kind of questions to ask. It would make sense to keep the questions focused on query processing, query execution, and query plans. I told Craig that if he doesn't like a question that he does not have to answer it.
You can submit questions until Monday May 12th and then I will forward the questions to Craig
Do you depend on sp_depends (no pun intended)
Several people suggested using sp_depends. You can't really depend on sp_depends because of deferred name resolution. Take a look at this
First create this proc
CREATE PROC SomeTestProc
AS
SELECT dbo.somefuction(1)
GO
now create this function
CREATE FUNCTION somefuction(@id int)
RETURNS int
AS
BEGIN
SELECT @id = 1
RETURN @id
END
Go
now run this
sp_depends 'somefuction'
result: Object does not reference any object, and no objects reference it.
Most people will not create a proc before they have created the function. So when does this behavior rear its ugly head? When you script out all the objects in a database, if the function or any objects referenced by an object are created after the object that references them then sp_depends won't be 100% correct
SQL Server 2005 makes it pretty easy to do it yourself
SELECT
specific_name,*FROM information_schema.routines
WHERE
object_definition(object_id(specific_name)) LIKE '%somefuction%'AND
routine_type = 'procedure'
BTW somefuction is not a type, I already had a somefunction but was too lazy to change more than one character
Friday, May 02, 2008
Testing for SQL Server Vulnerabilities
http://www.owasp.org/index.php/Testing_for_SQL_Server
Here is what is covered. Enjoy (or live in fear over the weekend)
1 Brief Summary
2 Short Description of the Issue
3 Black Box testing and example
3.1 SQL Server Peculiarities
3.2 Example 1: Testing for SQL Injection in a GET request.
3.3 Example 2: Testing for SQL Injection in a GET request (2).
3.4 Example 3: Testing in a POST request
3.5 Example 4: Yet another (useful) GET example
3.6 Example 5: custom xp_cmdshell
3.7 Example 6: Referer / User-Agent
3.8 Example 7: SQL Server as a port scanner
3.9 Example 8: Upload of executables
3.10 Obtain information when it is not displayed (Out of band)
3.11 Blind SQL injection attacks
3.11.1 Trial and error
3.11.2 In case more than one error message is displayed
3.11.3 Timing attacks
3.11.4 Checking for version and vulnerabilities
3.12 Example 9: bruteforce of sysadmin password
4 References