|
I have a book taht suggests creating a user defined data type for time only? How is it that I can't create a user defined type for time alone?
|
|
|
|
|
I have Googled without success (I keep getting blog posts that deride Access/Jet SQL as 'sucking'* with a comment feature at the bottom of the page), but does anybody know how to code-comment Access/Jet SQL?
I'm attempting to show our resident VB "whiz" how he's left himself open to SQL Injection attacks - when his application targets SQL Server I can successfully hack his code in the manner described by various posts/articles by injecting my own SQL and by commenting out his, but in Access/Jet SQL it doesn't appear to work.
*Yes, I'm inclined to agree with the majority of these posts.
|
|
|
|
|
Hi,
I am new in the field of databases.
I am trying to create a strong typed dataset (using vs 2005 add data set wizard).
The table in my data base include foreign keys (relations).
When the wizard finishes the dataset is created with all the necessary tables and fields, EXCEPT for data relations.
When I am performing the same thing with access data base the relations are loaded well.
Does anyone have an idea of what it could be.
Sincerely yours
Y.R.
|
|
|
|
|
how would I select and count the number of values that match: j0107_a131 and show the following two values
j0107_a131
j0107_a131_01
the roomcode is in a string that is why i specified below 'like roomcode'
i.e. select count (room_code) from rooms where room_code like room_code
hope that makes sense cheers
|
|
|
|
|
Well, you could always do this:
select @room_code = @room_code + '%'
select count(room_code) from rooms where room_code like @room_code
|
|
|
|
|
i am using ASP.net, C# anD SQL Server2005,in the following query:
string q = "SELECT collapsed_building.b_name,collapsed_building.b_desc FROM collapsed_building WHERE collapsed_building.b_name LIKE '" + crimewithdate.text2 + "' ";
I WANT TO USE % AFTER THE KEYWORD like SO THAT ALL THE BUILDING NAMES WHICH MATCH THE VALUE ENTERED BY THE USER ARE DISPLAYED
WHEN I WRITE (LIKE '" + %crimewithdate.text2 %+ "'), IT GIVES ERROR, WHAT WILL BE THE CORRECT SENTAX
|
|
|
|
|
Please, don't do this. You leave yourself with open to a Sql Injection attack. Take a look at this[^] article on how to avoid this. Now, you many want to consider using something like this:
DECLARE @building_name NVARCHAR(100)
SELECT @building_name = 'Test'
-- The lines above are just a sample to get you started. Move this into a stored procedure and use
-- the code below to do the actual work. Note that you would want to determine whether or not
-- @building_name ended in a % before using this code.
SELECT @building_name = @building_name + '%'
SELECT collapsed_building.b_name,collapsed_building.b_desc FROM collapsed_building WHERE collapsed_building.b_name LIKE @building_name
|
|
|
|
|
Pete is correct in saying that this is dangerous code. You have to use strong
protection to make sure that crimewithdate.text2 does not contain
any malicious SQL code instead of the expected search parameter.
To answer your question as asked, here is one solution:
string q = string.Format("SELECT collapsed_building.b_name,
collapsed_building.b_desc FROM collapsed_building
WHERE collapsed_building.b_name LIKE '%{0}%'", crimewithdate.text2);
(The line breaks are for readability only)
Do realize that an evil user could enter something like;
x'; TRUNCATE TABLE collapsed_building; SELECT * FROM collapsed_building WHERE b_name LIKE 'x
and wreck your whole day.
It is much better to pass crimewithdate.text2 as a parameter and not expose your database to bad people.
modified on Tuesday, January 22, 2008 11:26:49 AM
|
|
|
|
|
Hi, i want to create a job.
http://msdn2.microsoft.com/en-us/library/ms191439.aspx[^]
By following this link, i did the same, but i unable to see the sqlserver agent in object explorer. i started the service in adminsitrative tools ->services. And also, i restarted the sqlserver. still not able to see sqlserver agent..can any one help regarding this.....
G. Satish
|
|
|
|
|
I have 2 Databases: in that, In the Database DB1, i write a stored procedure: In that i write
Select command for a the table that has to fetch from Database DB2.
How to write a Stored Procedure for this?
Regards,
LEE
|
|
|
|
|
If you are using SQL Server, identify your tables using the following naming convention:
databasename.owner.tablename
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|
|
Doing that sort of thing is generally a bad idea.
I have some code that does that and now we want to move one of the databases to a different server and can't without breaking the code. At best we could link the servers, but I'd still have to modify the code. (And we've had trouble with linked servers in the past.)
Plus, not all database systems allow that construct so it may lock you into SQL Server.
You may want to create a view that handles the cross-database query.
Anyway, be aware of the potential problems.
|
|
|
|
|
Hi freinds i want to develop crystal report which used different data source to dispaly different record in one singal report
There i have some Question
1 : Can i used Subreport for differnt datasource in main Crystal report and can i send parameter to them
2: can i useHide subreport i.e if i there is Condition to show subreport(a)
then all remain subreport shoul be hide mean to say shoe singal subreport in each case Can i do this Can some body tell me
wasim khan
|
|
|
|
|
|
Hi there,
Can someone tell me, is it possible in SQL Server 2005 how to Decrypt and Encrypted SP or View.
Mujtaba
"If both of us are having one apple each and we exchange it, at the end we both will have one apple each. BUT if both of us are having one idea each and we exchange it, at the end both of us will be having two ideas each."
|
|
|
|
|
The procedure encryption is actually referred to as obfuscation in Books Online. Also, there is no SQL Server command for decrypting it back. You could use third party components to accomplish this, there sure can be found some by searching in google for them.
The only feature for protecting code in SQL Server is the WITH ENCRYPTION clause (http://databases.aspfaq.com/database/how-do-i-protect-my-stored-procedure-code.html[^]). It is weak not necessarily because the encryption is weak (it uses RC4), but because the encryption key can be easily found. An attacker will focus on finding the encryption key rather than breaking the encryption algorithm in such a solution.
|
|
|
|
|
Hi, i want a procedure to schedule a job in sqlserver 2005.
How to create a job in sqlserver 2005?
G. Satish
|
|
|
|
|
This information is available in SQL Server BOL. Did it occur to you to read the documentation?
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|
|
I cant understand your answer. I dont know anything regarding schdeuling and sqlserver agent also. I dont know BOL. what is this? can u give link rgarding this concept?
G. Satish
|
|
|
|
|
Satish - Developer wrote: I dont know BOL. what is this?
SQL Server Books Online. It's the online documentation for SQL Server. Reading documentation is what people usually do when they want to learn how something works. I suggest you follow their example.
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|
|
hi
can any body explain me how to send mails from sql server 2000
thanks
Suman
|
|
|
|
|
|
you must join your computer of sql server to domain and make profile for your email Exchange on Sql server 2000.
then used it.
123
|
|
|
|
|
Hi,
I have written a stored procedure for displaying data page-wise in ASP.Net 1.1 version. Even though data is present in database, when I tried to execute the following stored procedure, nothing is executing. I'm also not getting any errors. Could anybody please help me in finding out what's I'm doing wrong in these Stored Procedure?
ALTER PROCEDURE GETRICSBYPAGE
(
@Page int,
@RecsPerPage int
)
AS
SET NOCOUNT ON
CREATE TABLE #TEMPRICSBYPAGE
(
SLNO INT,
PK_VALUE INT,
RIC_NAME VARCHAR(50),
NO_OF_DAYS INT,
LAST_UPDATE_DATE DATETIME,
PE_FID1 BIGINT,
HEADEND_FID1383 VARCHAR(30),
LOCATION_FID836 VARCHAR(30),
CTBTR_BKDG VARCHAR(50)
)
INSERT INTO #TEMPRICSBYPAGE (SLNO,PK_VALUE,RIC_NAME, NO_OF_DAYS, LAST_UPDATE_DATE,
PE_FID1, HEADEND_FID1383,LOCATION_FID836, CTBTR_BKDG)
SELECT '' SLNO,PK_VALUE,RIC_NAME RIC, NO_OF_DAYS Days, LAST_UPDATE_DATE,
PE_FID1, HEADEND_FID1383,LOCATION_FID836, CTBTR_BKDG
FROM STALERICSTEMP2 WHERE PK_VALUE IS NOT NULL ORDER BY RIC_NAME
DECLARE @FirstRec int, @LastRec int
SELECT @FirstRec = (@Page - 1)* @RecsPerPage
SELECT @LastRec = (@Page * @RecsPerPage + 1)
SELECT '' SLNO,PK_VALUE,RIC_NAME,NO_OF_DAYS,LAST_UPDATE_DATE,PE_FID1,
HEADEND_FID1383,LOCATION_FID836, CTBTR_BKDG
FROM #TEMPRICSBYPAGE AS STLRICNEW WHERE PK_VALUE > @FirstRec
AND PK_VALUE < @LastRec
Is there anything wrong with the above? When I tried to execute in the query analyzer, EXEC GETRICSBYPAGE 1, 10, it is not giving me anything. Only blank headings. Please help.
Thanks,
Meeram395
modified on Monday, January 21, 2008 3:40:43 AM
|
|
|
|
|
Hi,
Sorry... Please ignore. It got resovled. It is checking with the PK_Value which is starting with 700. So I reset the PK_value. Issue is resolved now.
Sorry for the inconvenience caused.
Thanks,
Meeram395
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
