Automated Trigger To Require a WHERE Clause

  • Comments posted to this topic are about the item Automated Trigger To Require a WHERE Clause

    [font="Comic Sans MS"]Rahul:-P[/font]

  • Also check my article on same topic.

    Thanks

    DBDigger Microsoft Data Platform Consultancy.

  • AShehzad (1/24/2011)


    Also check my article on same topic.

    Thanks

    it's nice and ok but will your code be worthless when any table has no primary key and it's always not mandatory to have one .....

    so check it out i also did the same mistake but at the later stage i rectified it.........

    Thanks

    [font="Comic Sans MS"]Rahul:-P[/font]

  • Yes you are right. I have made the script for tables with clustered index. So for that reason i have also mentioned it through following sentence

    One final note before we get started, it is assumed that a cluster index exists for the table on which these triggers would be implemented

    Thanks

    • This reply was modified 4 years, 11 months ago by  Atif.
    • This reply was modified 3 years, 7 months ago by  Dave Convery.

    DBDigger Microsoft Data Platform Consultancy.

  • Hi Rahul

    Not sure if it's just a editing omission, but your trigger will only do what you're intending if there are no indexes at all or just a clustered index on the table.

    sys.dm_db_partition_stats contains one row per object, per index. So let's say that the trigger's on a table with 20 rows and 3 indexes (one clustered, 2 nonclustered). An update with no where clause is run. @@rowcount will be 20. The sum of rows across sys.dm_db_partition_stats will be 60 however (20 for each index). 20 is not larger than 60 and hence the trigger allows that update.

    Fix is simple, your sum from sys.dm_db_partition_stats should be

    SELECT SUM(row_count)

    FROM sys.dm_db_partition_stats

    WHERE OBJECT_ID = OBJECT_ID('tablename')

    AND index_id IN (0,1) -- heap and cluster only

    Also have you tested this under heavy concurrent load? (inserts running while doing the updates/deletes)?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • It is a smart workaround, but it doesn't really solve the problem in an elegant way.

    I miss a configuration on Sql server that states "Where Clause mandatory". For all tables, for all Sql statements.

    I fear every day, that I will forget the where clause eventually and destroy an entire table.

    And guess what: Sql doesn't have an Undo button!

    But still if you need (and you will need) you can write "Where 1=1", to update/delete every record in a table.

    Your workaround treats it like a "missing where".

    You can see the difference between an accidentaly forgoten where and one you written on purpose.

    I believe this is a huge "security hole" in the Sql language. And yet it stays with us for so many years (and so many tears).

  • luciano furlan (1/25/2011)


    I fear every day, that I will forget the where clause eventually and destroy an entire table.

    And guess what: Sql doesn't have an Undo button!

    If you're doing anything on a production server, the first command in your query window and the first you run should be BEGIN TRANSACTION. That way if you do accidentally leave out (or not select) the where clause, you can roll it back.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Lol, I know I have done this twice in my life. 1st time was on the dev box on a restore of production, so I could simply run a update query reading the correct values from the production database. Second time was a week or 2 ago on a system i developed freelance. There was no source, and no backups as yet. It was an update of the product code of only (well suposed to be...) two products. Lucky for me the product code is based on the primary key, the store branch, and category. So I just ran a update query to reconstruct the original product item no.

    This solution might not be elegant, but will save paper in the sense of less written warning will be be issued to slightly careless developers/dba's

    From my side, Thank you.

  • Thanks 🙂

  • Hello,

    just to finish undestanding, I would like to know in which cases @@rowcount can be greater than the number of rows. If anybody could explain I would appreciate.

    Kind regards

  • What is the performance hit for this. I administer some databases with 100 million records, being hit millions of time a day, there are stored procedures that have updates, and deletes aplenty. If every one of these is causing this trigger to fire, I am sure there will be a performance cost?

    Darren Beevers

  • I appreciate your hard work and thank you for sharing - as with all these things I hope that the outcome of the discussion will be a revised article with even better code.

    If I am not mistaken (which I often am :-D) I could set off an update without a where clause and someone else could insert records while the update is running.

    The original update may update fewer than the (new) total number of rows now in the table and allow the update....

    Also, the title is misleading - there is no requirement for a WHERE clause enforced by this trigger.

    MM



    select geometry::STGeomFromWKB(0x0106000000020000000103000000010000000B0000001000000000000840000000000000003DD8CCCCCCCCCC0840000000000000003DD8CCCCCCCCCC08408014AE47E17AFC3F040000000000104000CDCCCCCCCCEC3F9C999999999913408014AE47E17AFC3F9C99999999991340000000000000003D0000000000001440000000000000003D000000000000144000000000000000400400000000001040000000000000F03F100000000000084000000000000000401000000000000840000000000000003D0103000000010000000B000000000000000000143D000000000000003D009E99999999B93F000000000000003D009E99999999B93F8014AE47E17AFC3F400000000000F03F00CDCCCCCCCCEC3FA06666666666FE3F8014AE47E17AFC3FA06666666666FE3F000000000000003D1800000000000040000000000000003D18000000000000400000000000000040400000000000F03F000000000000F03F000000000000143D0000000000000040000000000000143D000000000000003D, 0);

  • Forum Etiquette: How to post Reporting Services problems
  • [/url]
  • Forum Etiquette: How to post data/code on a forum to get the best help - by Jeff Moden
  • [/url]
  • How to Post Performance Problems - by Gail Shaw
  • [/url]

  • The problem statement is weak as no developer will usually be allowed to issue random Update statements on a financial production environment. Also a developer who forgets to include a WHERE clause may make mistake in forming the WHERE clause and still can cause updating wrong set of data. So, you may consider copying the records to an AUDIT table from DELETED set in your trigger for auditing and reconciliation purpose rather than focusing on row_count.

    -SB

  • luciano furlan (1/25/2011)


    It is a smart workaround, but it doesn't really solve the problem in an elegant way.

    I miss a configuration on Sql server that states "Where Clause mandatory". For all tables, for all Sql statements.

    I fear every day, that I will forget the where clause eventually and destroy an entire table.

    And guess what: Sql doesn't have an Undo button!

    But still if you need (and you will need) you can write "Where 1=1", to update/delete every record in a table.

    Your workaround treats it like a "missing where".

    You can see the difference between an accidentaly forgoten where and one you written on purpose.

    I believe this is a huge "security hole" in the Sql language. And yet it stays with us for so many years (and so many tears).

    I disagree: what about using transactions?

    In general, this trigger affects performance just to prevent programmers errors.

    Before any DDL or MDL I use the fantastic "SET IMPLICIT_TRANSACTIONS ON".

    and only when I sure of modification I run the COMMIT command.

  • carlos.ramon.martinez (1/25/2011)


    Hello,

    just to finish undestanding, I would like to know in which cases @@rowcount can be greater than the number of rows. If anybody could explain I would appreciate.

    Kind regards

    Rowcount can be greater than the number of rows listed in the statistics if the statistics have not yet been updated for recently added rows.

    [font="Arial"]_______________________________________________________
    Change is inevitable... Except from a vending machine.[/font]

  • Viewing 15 posts - 1 through 15 (of 94 total)

    You must be logged in to reply to this topic. Login to reply