Archive for category SQL Server
Single Character Wildcards
Posted by shawson in SQL Server on January 21, 2009
To my shame, I only recently realised there was a single character wildcard available in SQL ( _ ) as well as the mutliple character wildcard ( % )! really handy for substituting single quote characters (or other weird ones) to ensure a match when doing a ‘like’ lookup
SSIS / DTS packages violating referential integrity
Posted by in SQL Server on December 8, 2008
I've recently inherited the integration support for a web project being built by a third party which is about to go live. Amongst the numerous odd's and ends which are being tied up are a bunch of SSIS packages which have been updated, but not run for some time. When the moment came to finally push the button, as is my luck, nothing happened.
The package clears a bunch of data from some book and author tables, then replaces it with nice fresh data from our internal data repository- the trouble is, the developer has a "shopping basket" and "shopping basket items" table, which had the "book id" from the books table as a foreign key- so in order to maintain referential integrity the DBMS (Sql 2000) moaned up when we tried to bin everything from the books table. The exact error i got was;
Error: DELETE statement conflicted with COLUMN REFERENCE constraint ‘FK_ShoppingBasketItem_Book’. The conflict occurred in database ‘BookDB’, table ‘ShoppingBasketItem’, column ‘BookID’.
Error: Executing the query “Delete from Book” failed with the following error: “The statement has been terminated.” Possible failure reasons: Problems with the query, “ResultSet” property not set correctly, parameters not set correctly, or connection not established correctly.
After having googled about for a bit it seems there is no nice way to do this- but the cleanest work around I could find was to disable the CHECK constraint before the package ran, then re-enable it when complete- the syntax was;
ALTER TABLE <Tablename> NOCHECK CONSTRAINT <constraint name>
ALTER TABLE <Tablename> WITH CHECK CHECK CONSTRAINT <constraint name>
For example, in my case;
ALTER TABLE ShoppingBasketItem NOCHECK CONSTRAINT FK_ShoppingBasketItem_Book
ALTER TABLE ShoppingBasketItem WITH CHECK CHECK CONSTRAINT FK_ShoppingBasketItem_Book
Setting up session state database on sql server
Posted by shawson in .net, SQL Server on November 7, 2008
Just a quick reminder for myself- if you have a fresh sql database that you want to install the default asp.net session database on for use by your applications, the command line value you want is;
aspnet_regsql.exe -S <server> -U <dbuser> -P <password> -ssadd -sstype p
To then set your application up to use sql server for state maintenance, add the following to your web.config file;
ASP.net 1.1.4x:
Under the <system.web> section
<sessionState mode="SQLServer" timeout="20" cookieless="false" sqlConnectionString="Data Source=WEBSQL; User Id=xxx;Password=xxx;"” />
ASP.net 2.0.5x
Again under the <system.web> section (not using the standard state database name)
<sessionState mode="SQLServer" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=WebSQL; database=ASPStateDotNet2;user id=xxx;password=xxx" cookieless="false" timeout="40" />
We had a 1.1 session store already setup and setup the .net 2 seession store on the same server under a different database name. To do this just append a “-d ” parameter to the end of the command line.
Classic ASP SQL Injection vulnerability analyser
Posted by in .net, Classic ASP, SQL Server on October 24, 2008
If, like me, you have a whole bunch of legacy sites written by someone else long before you joined the company all code bases of varying quality, then you may find this tool useful. I read an article on the register a while ago about a command line tool Microsoft have put together which analyses Classic ASP code, and looks for vulnerabilities that leave your pages open to SQL injection attack.
Incase you are unfamiliar, there is a good article up on securitydocs.com exaplaining what a sql injection attack is and giving some practical examples on how they work and how easily they can be executed.
It seems to do this by looking at how your code deals with input accepted from the Request.Form and Request.Querystring and making sure it goes through some kind of filtering. Anyway- have a butchers at the tool yourself. The article title is "The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code" and the applications name is "msscasi_asp.exe"- i only mention this as Microsoft seem to frequently reshuffle their pages breaking loads of links so you may some to this article and find just a 404 so this will allow you to do a site search!
The article also makes a mention of a similar tool created by HP called scrawlr which is available here
Assigning execute permissions to Stored procedure in bulk on sql server 2000
Posted by shawson in SQL Server on October 23, 2008
Phewf- that is a lengthy title!
The ongoing battle with the corporate machine to invest a bit of cash on some new tech is ongoing- as a result our primary RDBMS is still MS Sql 2000! I recently had a fairly large database built by a third party which we need to host- i restored from the backup they supplied and setup a new user with no permissions and started gradually building access only to what was neede- but with 923 stored procedures to grant execute permission to, this suddenly looked like a total chore.
Luckily a bit of googling by my colleague Paul, turned up this little nugget from sqldbatips.com. Just incase the article is ever taken down, this is what it said;
SQL2000
A common answer to the question posed by the
title of this article is to run a query such as the one below in Query Analyzer
and copy and paste the results into a query window and execute them. The query
uses the INFORMATION_SCHEMA views to generate a list of GRANT statements for
each procedure in the database.SELECT 'grant exec on ' + QUOTENAME(ROUTINE_SCHEMA) + '.' + QUOTENAME(ROUTINE_NAME) + ' TO <insert_username>' FROM INFORMATION_SCHEMA.ROUTINES WHERE OBJECTPROPERTY(OBJECT_ID(ROUTINE_NAME),'IsMSShipped') = 0However, what we can do is shortcut the copy and
paste step by using a system extended stored procedure called xp_execresultset (Note that after SQL2000 Service Pack 3,
xp_execresultset is no longer an extended stored procedure but simply a wrapper
for the system stored procedure sp_execresultset) This extended stored procedure
allows you to pass in a SQL query that generates a result set that it will then
execute as long as the result of the query is a legitimate SQL batch. Thus we
can take the query above and pass it to xp_execresultset and it will generate a resultset containing
GRANT statements for each procedure in the database which will then be executed
thus neatly avoiding the need to copy and paste. I have created a stored
procedure called sp_grantexec
(click to follow link to code) that takes a user name or role as a parameter and
grants execute permissions on all stored procedures in the current database to
wrap this up and make it easier to use. An example of using xp_execresultset is shown below.declare @sql nvarchar(4000) declare @db sysname ; set @db = DB_NAME() declare @u sysname ; set @u = QUOTENAME('<insert_username>') set @sql ='select ''grant exec on '' + QUOTENAME(ROUTINE_SCHEMA) + ''.'' + QUOTENAME(ROUTINE_NAME) + '' TO ' + @u + ''' FROM INFORMATION_SCHEMA.ROUTINES ' + 'WHERE OBJECTPROPERTY(OBJECT_ID(ROUTINE_NAME),''IsMSShipped'') = 0' exec master.dbo.xp_execresultset @sql,@db
-
You are currently browsing the archives for the SQL Server category.
Flexicoder Blog- WWDC 2012 – Apple TV Apps May 10, 2012I’m lucky enough to be attending the WWDC this year, as it reaches closer to the “day of the long queue” my thoughts are turning to what I hope will be announced at the conference. So here they are in no real order (apart from the first one) Ability to run apps on the Apple […]
- Úll Conference – Review May 1, 2012I’ve just come back from Dublin, Ireland, where I attended the Úll Conference to cover all things iOS related. When the tickets where first released, the conference was advertised as a 3 day affair, starting on Friday 27th April and ending on the Sunday. A friend from Ireland, @realmikebutler, had told me about the conference […]
- Worthing Digital – Local Tech Community March 8, 2012If you are local to the Worthing/Sussex area, please check out the new Worthing Digital group, they’ve arranged a number of good talks and also started up a co-working event. If you have any ideas on helping the community grow you can also post comments on the forum […]
- Open doors effect at App launch February 4, 2012This is a copy of a blog entry I originally wrote for ios-blog There are a number of apps in the App Store that launch with a set of closed doors, these are then opened to present the actual UI underneath it. I had to create this effect for an app I wrote for a […]
- New App – Ballpark Costs January 26, 2012When potential clients ask for a ballpark figure on development costs, these are the questions I ask to help clarify whats required and therefore affect the cost. They are in no particular order… What are the target platforms, iPhone, iPad, Android, Windows Mobile? If iPhone do you want a universal version, i.e. the same app […]
- CCLabelBMFont – not displaying May 13, 2011I hit a problem today where the CCLabelBMFont wasn’t rendering the text I wanted at all. I created the the fnt file using http://www.n4te.com/hiero/hiero.jnlp Turns out that as it creates the underlying png for some reason it saves it in a flipped format, therefore you need to load the png into your favourite graphics package […]
- WWDC 2012 – Apple TV Apps May 10, 2012