SSC Eights!
Group: General Forum Members
Interesting question - I guessed 0 rows - I thought that the dynamic SQL would execute and the results from the last statement (the delete statement) would be inserted. I haven't really tried anything like this before; I'm going to have a play with executing multiple statements in EXEC() and find out how it affects other things like @@ROWCOUNT as well.
SSCrazy
Group: General Forum Members
Really, this is not easy for SQL newbies. Tricky question, but you can learn more from this.
SSC Eights!
Group: General Forum Members
> Simon Liddle (2/3/2010): I thought that the dynamic SQL would execute and the results from the last statement - the delete statement - would be inserted.

...and that is nonsense the more I think about it! :)
Ten Centuries
Group: General Forum Members
> Ninja's_RGR'us (2/3/2010):
> > Joy Smith San (2/3/2010): Well, usually I answer the question by reading it on the screen itself. I never copy and paste it into Query Analyzer. Had I copied it into Query Analyzer and read it, I would have definitely given the right answer. Hence I didn't feel it's a good question.
> So good questions are only the ones you can answer???

I didn't mean it. I mean to say, this question is just tricky. Playing with words and nothing else.
Ten Centuries
Group: General Forum Members
> Simon Liddle (2/3/2010):
> > Joy Smith San (2/3/2010): Well, usually I answer the question by reading it on the screen itself. I never copy and paste it into Query Analyzer. Had I copied it into Query Analyzer and read it, I would have definitely given the right answer. Hence I didn't feel it's a good question.
> I don't understand how your reliance on reading the code in QA to get it right has any bearing on the question being good or not.... How would reading it in QA (I assume you do mean reading and not executing) have caused you to work out a different answer?

Yes, you are right. I don't execute it and just read it. The difference is that, as you know, when you copy it into QA the color changes. I would have easily found that the delete statement was a string appended to the insert statement.
Anyway, I was just giving my opinion. I hope I have the freedom to post what I feel, instead of simply praising always.
And yes, probably for a beginner it might be a good question. I agree.
Ten Centuries
Group: General Forum Members
Very nice question. Nice SQL injection with a side effect. I hope I will never use something like this one.
See, understand, learn, try, use efficient © Dr.Plch
SSChasing Mays
Group: General Forum Members
An excellent question. The best questions get you thinking in new ways about tools you use all the time, and this certainly fits the bill.
Ultimately it came down to a coin-flip for me (which I consider a fail regardless of the fact that I picked the right answer), but once I read the explanation it made perfect sense. Of course the DSQL is going to execute completely before the insert takes place. Duh!
That said, I would never write code like this, but who knows... some day I might need a magic trick, and this example might point me in the right direction!
----- a haiku...
NULL is not zero
NULL is not an empty string
NULL is the unknown
Ten Centuries
Group: General Forum Members
I guess the color coding in QA/SSMS does it? Paste it instead into Notepad++ or an equivalent text editor that has color coding for SQL, so you can't accidentally execute the code...
Anyone who has to deal with SQL injection can learn from this though, so I think it's a good question.
Ronald Hensbergen
Help us, help yourself... Post data so we can read and use it: http://www.sqlservercentral.com/articles/Best+Practices/61537/
-------------------------------------------------------------------------
2+2=5 for significantly large values of 2
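The behaviour the thread keeps circling (a DELETE appended to the dynamic string, executed inside EXEC() before INSERT ... EXEC finishes storing the SELECT's rows, and what @@ROWCOUNT then reports) as a constructed T-SQL walk-through. This block is added here and is not the question's own script (the QotD itself is not reproduced in this thread); the temp table names, the rows, and the hostile-looking input string are all invented for the illustration. It also goes slightly beyond the question by showing the transaction check a reviewer would wrap around untrusted dynamic SQL and the sp_executesql form that keeps a runtime value from ever becoming an appended statement.

```sql
-- Constructed demonstration, not the QotD's own script. Table names and values are invented.
SET NOCOUNT ON;

CREATE TABLE #Source   (id int, name varchar(20));
CREATE TABLE #Captured (id int, name varchar(20));
INSERT INTO #Source (id, name) VALUES (1, 'alpha'), (2, 'beta'), (3, 'gamma');

-- 1. The trick from the question: a second statement appended to the dynamic string.
--    INSERT ... EXEC consumes the result set of the SELECT, but EXEC runs the whole
--    batch, DELETE included. Nothing in the INSERT line hints that a DELETE happened.
DECLARE @sql nvarchar(max) =
      N'SELECT id, name FROM #Source;'
    + N'DELETE FROM #Source;';

INSERT INTO #Captured (id, name)
EXEC (@sql);

-- @@ROWCOUNT after INSERT ... EXEC reports the rows the INSERT stored, not the DELETE
-- that ran inside EXEC; compare it with the two counts that follow.
SELECT @@ROWCOUNT AS rows_inserted_by_insert_exec;
SELECT COUNT(*)   AS rows_now_in_source   FROM #Source;
SELECT COUNT(*)   AS rows_now_in_captured FROM #Captured;

-- 2. A check for untrusted dynamic SQL: run it inside an explicit transaction and
--    verify the table it was only supposed to read is still intact before committing.
INSERT INTO #Source (id, name) VALUES (4, 'delta');
BEGIN TRANSACTION;
    INSERT INTO #Captured (id, name)
    EXEC (@sql);
    IF NOT EXISTS (SELECT 1 FROM #Source)
    BEGIN
        -- the batch emptied #Source: undo everything it did, including the capture
        ROLLBACK TRANSACTION;
    END
    ELSE
        COMMIT TRANSACTION;

-- 3. Mitigation: when a runtime value must reach dynamic SQL, hand it to sp_executesql
--    as a parameter. The value is data, so quotes or semicolons inside it can never
--    become an appended statement the way the string in step 1 did.
DECLARE @wanted varchar(100) = 'delta'';DELETE FROM #Source;--';  -- constructed hostile-looking input
EXEC sp_executesql
    N'SELECT id, name FROM #Source WHERE name = @name;',
    N'@name varchar(100)',
    @name = @wanted;   -- matches nothing: no row's name equals that whole string

DROP TABLE #Captured;
DROP TABLE #Source;
```

Run it in SSMS against any database where you can create temp tables. Step 1 leaves #Captured holding the three rows the SELECT produced while #Source is empty, which is exactly the "side effect hidden in a string" the posts above describe; step 2 rolls that back because the guard fires; step 3 returns an empty result rather than deleting anything, because sp_executesql binds @name as a value instead of splicing it into the batch text.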
SSC Eights!
Group: General Forum Members
Thanks for a good question. For some reason, I was thinking that what would be inserted would be the deletion of the table.
Steve Eckhart