Tuesday, November 17, 2009

SQL Injection

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

UserID = Request.form ("userid");
var sql = "select * from UserTable where ID= '" + UserID + "'";
The user is prompted to enter the User ID. If she or he enters "jack", the query assembled by the script looks similar to the following:

select * from UserTable where ID = 'jack'

However, assume that the user enters the following:

jack; drop table UserTable--

In this case, the following query is assembled by the script:

select * from UserTable where ID = 'jack''; drop table UserTable--'

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in UserTable where ID is jack. Then, SQL Server will drop UserTable.

Input characterMeaning in Transact-SQL


Query delimiter.


Character data string delimiter.


Comment delimiter.

/* ... */

Comment delimiters. Text between /* and */ is not evaluated by the server.


Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.

Saturday, September 12, 2009

Select Statement for Different Database

Database SQL Syntax
- Different databases using different sql statement

select * from table fetch first 10 rows only

select first 10 * from table

Microsoft SQL Server and Access
select top 10 * from table

MySQL and PostgreSQL
select * from table limit 10

Oracle 8i
select * from (select * from table) where rownum <= 10

Monday, August 10, 2009

Linked Servers

A linked server configuration allows Microsoft® SQL Server™ to execute commands against OLE DB data sources on different servers. Linked servers offer these advantages:

  1. Remote server access.
  2. The ability to issue distributed queries, updates, commands, and transactions on heterogeneous data sources across the enterprise.
  3. The ability to address diverse data sources similarly.

When setting up a linked server, register the connection information and data source information with SQL Server. After registration is success, that data source can always be referred to with a single logical name.

You can manage a linked server definition with stored procedures or through SQL Server Enterprise Manager:

With stored procedures:

- Create a linked server definition using sp_addlinkedserver. To view information about the linked servers defined in a given instance of SQL Server, use sp_linkedservers. For more information, see sp_addlinkedserver and sp_linkedservers.

- Delete a linked server definition using sp_dropserver. You can also use this stored procedure to remove a remote server. For more information, see sp_dropserver.

With SQL Server Enterprise Manager:

- Create a linked server definition using the SQL Server Enterprise Manager console tree and the Linked Servers node (under the Security folder). Define the name, provider properties, server options, and security options for the linked server. For more information about the various ways a linked server can be set up for different OLE DB data sources and the parameter values to be used, see sp_addlinkedserver.

- Edit a linked server definition by right-clicking the linked server and clicking Properties.

- Delete a linked server definition by right-clicking the linked server and clicking Delete.

Saturday, August 8, 2009

How Long Stored Procedure stay in Sql Server 2000 cache?

SQL Server 2000

once the execution plan is generated for a Stored Procedure, it stays in the procedure cache. Lazy writer only keep looking and throwing out unused plans out of the cache "only when space is needed in cache".

Below are some documented and undocumented DBCC commands available in SQL Server 2000 to deal and find more information about SQL Server cache.

To Monitor the cahce:

To clean the cache:

You can read more from SQL 2000 Topic under "Lazy Writer", 'Freeing and Writing Buffer Pages' at:

Monday, May 11, 2009

awe enabled Option - MsSql 2005

In Windows Server 2003, you able change the Address Windowing Extensions (AWE) API to provide access to physical memory in excess of the limits set on configured virtual memory. The specific amount of memory you can use depends on hardware configuration and operating system support.

  • Windows Server 2003, Standard Edition supports physical memory up to 4 gigabytes (GB).
  • Windows Server 2003, Enterprise Edition supports physical memory up to 32 GB.
  • Windows Server 2003, Datacenter Edition supports physical memory up to 64 GB.

Extra Note

  • You are not running Express or Workgroup version of SQL Server. Please check here for further details about limitations in different versions of SQL Server.
  • you have enabled awe enabled option and set max server memory to the maximum memory you can allocate to SQL Server. This is applicatiable for 32 but versions of OS and not required in 64 bit version of Windows servers. Please check here for further details and how to configure the memoryfor SQL Server

Thursday, April 30, 2009

COMPUTE (Transact-SQL) - SQL Server 2005

Generates totals that appear as additional summary columns at the end of the result set. When used with BY, the COMPUTE clause generates control-breaks and subtotals in the result set.

USE Database;
SELECT CustomerID, OrderDate, SubTotal, TotalDue
FROM Sales.SalesOrderHeader
ORDER BY OrderDate
COMPUTE SUM(SubTotal), SUM(TotalDue);

MERGE statement - SQL Server 2008 New Feature

The idea behind the MERGE statement is that the developer can construct TSQL data-manipulation language (DML) statements in which INSERT, UPDATE, or DELETE can occur in the same statement, based on different search conditions. I think this idea is very cool. The ability to complete multiple statements within one statement could potentially lead to less coding and increased performance.
In addition to this statement, another great feature has been added to the INSERT statement. In SQL Server 2008, the developer can issue multiple rows to be inserted without using a SELECT statement as the INSERT statement source. Instead, the VALUE clause of the INSERT statement can be used to specify sets of values separated by parentheses and commas.

Friday, January 16, 2009


sp_helpfile returns the physical names and attributes of the current database.

Attributes that returns are name, fileid, filename, filegroup, size, maxsize, growth and usage.

- it for ms Sql Server

Database Engine Stored Procedures

sp_add_data_file_recover_suspect_db sp_droptype
sp_add_log_file_recover_suspect_db sp_executesql
sp_addextendedproc sp_getapplock
sp_addextendedproperty sp_getbindtoken
sp_addmessage sp_help
sp_addtype sp_helpconstraint
sp_addumpdevice sp_helpdb
sp_altermessage sp_helpdevice
sp_attach_db sp_helpextendedproc
sp_attach_single_file_db sp_helpfile
sp_autostats sp_helpfilegroup
sp_bindefault sp_helpindex
sp_bindrule sp_helplanguage
sp_bindsession sp_helpserver
sp_certify_removable sp_helpsort
sp_configure sp_helpstats
sp_control_plan_guide sp_helptext
sp_create_plan_guide sp_helptrigger
sp_create_plan_guide_from_handle sp_indexoption
sp_create_removable sp_invalidate_textptr
sp_createstats sp_lock
sp_cycle_errorlog sp_monitor
sp_datatype_info sp_procoption
sp_dbcmptlevel sp_recompile
sp_dbmmonitoraddmonitoring sp_refreshview
sp_dbmmonitorchangealert sp_releaseapplock
sp_dbmmonitorchangemonitoring sp_rename
sp_dbmmonitordropalert sp_renamedb
sp_dbmmonitordropmonitoring sp_resetstatus
sp_dbmmonitorhelpalert sp_serveroption
sp_dbmmonitorhelpmonitoring sp_setnetname
sp_dbmmonitorresults sp_settriggerorder
sp_dboption sp_spaceused
sp_dbremove sp_tableoption
sp_delete_backuphistory sp_unbindefault
sp_depends sp_unbindrule
sp_detach_db sp_updateextendedproperty
sp_dropdevice sp_updatestats
sp_dropextendedproc sp_validname
sp_dropextendedproperty sp_who