Thinking outside the box

Patron Saint of Lost Yaks

May 2008 Blog Posts

SQL Injection

Every now and then I see sites where commands are concatenated and sent to the database server. The author must really trust the user inputs! For every system built this way, you can expect at least one attack with SQL injection. In some cases you might not be aware of the attack, and sometimes you are aware. Here is an example of a "friendly" attack that just promotes a site, and when you click the link you execute a JavaScript that does who knows what. In this link http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=102737 and this http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=101673 there are examples of SQL injection attacks. As I wrote in the first topic, "What if the...

posted @ Wednesday, May 14, 2008 11:14 AM | Feedback (5) | Filed Under [ Administration ]

Lightning fast collapsed date ranges and missing date ranges

The last two days I have been involved in a rather interesting discussion. The original poster wanted a fast way to get missing date ranges in a series of date pairs. Naturally I posted the link to the Script Library topic http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=88422

Traditional T-SQL proved to be very inefficient. Even the CTE approach, which proved to be second fastest, was still 100 to 1,600 times slower! I started out by creating 1,000 date pairs with the following code:

    -- Prepare sample data
    CREATE TABLE #ProcessCellAllocation
                 (
                     AllocationID INT IDENTITY(1, 1) NOT NULL,
                     ProcessCell VARCHAR(50) NOT NULL,
                     DateFrom DATETIME NOT NULL,
                     DateTo DATETIME,
                     Seq INT
                 )

    INSERT #ProcessCellAllocation
                 (
                     ...

posted @ Tuesday, May 13, 2008 4:16 PM | Feedback (7) | Filed Under [ Optimization, SQL Server 2008, Algorithms, SQL Server 2005, SQL Server 2000 ]
