Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase «««12345»»

Multi-statement execution Expand / Collapse
Author
Message
Posted Thursday, February 4, 2010 12:55 PM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Yesterday @ 6:03 PM
Points: 1,293, Visits: 1,644
Very good question. You can find some documentation supporting this behavior here:
http://msdn.microsoft.com/en-us/library/aa933206(SQL.80).aspx
Specifically:

If execute_statement is used with INSERT, each result set (my emphasis) must be compatible with the columns in the table or in column_list.


While not saying it outright, that implies that the result set of each statement executed is returned to be inserted.
Post #859894
Posted Friday, February 5, 2010 1:06 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Thursday, March 27, 2014 8:16 AM
Points: 534, Visits: 282
honza.mf (2/3/2010)
Very nice question. Nice SQL inject with a side effect.
I hope I will never use something like this one.

I agree with both sentiments!

It was a tricky question, made a little easier if you paste the command into a context-sensitive editor/Query tool


Kelsey Thornton
MBCS CITP
Post #860209
Posted Friday, February 5, 2010 3:13 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, June 18, 2014 3:47 AM
Points: 199, Visits: 512
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?
Post #860277
Posted Friday, February 5, 2010 3:46 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 5:48 AM
Points: 1,023, Visits: 1,388
I liked the question, even though I got it wrong.

I answered 10 because I misunderstood how the row_num was going to work. I have been working with row_num quite a lot recently where I group by to match duplicates, so i was thinking it was a trick question where each row would have a row_num of 1 because each object_id was different, therefore it wouldn't count up, and all records would then qualify in the later statement, but this wasn't the case. I did catch the rest of it though :)

Paul
Post #860295
Posted Friday, February 5, 2010 6:30 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, April 30, 2014 11:35 AM
Points: 311, Visits: 284
sqlusers (2/5/2010)
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?


Did you mean something like that?

Assign NULL value:
select @Sql_str = null

or balnk / empty string:
select @Sql_str = ''

Regards,
Gennadiy
Post #860387
Posted Friday, February 5, 2010 8:27 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Thursday, March 27, 2014 8:16 AM
Points: 534, Visits: 282
sqlusers (2/5/2010)
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?

It's a temporary variable that gets automatically deleted when the client session ends.

Is that what you meant?


Kelsey Thornton
MBCS CITP
Post #860505
Posted Friday, February 5, 2010 8:29 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Saturday, August 24, 2013 10:11 AM
Points: 83, Visits: 60
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh


Thanks,
- Joseph Marsh
Post #860507
Posted Friday, February 5, 2010 8:44 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, April 30, 2014 11:35 AM
Points: 311, Visits: 284
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh


Some corrections:
3. 4 rows selected and save somewhere in SQL buffer as a result set
4. All records are deleted from temp table (second part of @sql_str)
5. 4 rows from result set generated on step 3 re-inserted (as a result of D-SQL batch execution)

To understand it better just imagine that D-SQL is executed as a Stored Procedure (or could be)

insert into <table>
exec <SP with 2 statements>

Regards,
Gennadiy
Post #860530
Posted Friday, February 5, 2010 8:49 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Thursday, July 10, 2014 12:49 PM
Points: 1,676, Visits: 1,754
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh


Joseph,

You are correct, but step 3 needs tweaking and last important step is missing. Here is what is happening:

1. Temp table is created
2. 10 records are inserted into the temp table
3. The dynamic sql is examined and then executed by the engine. Since the first part of the dynamic sql selects 4 records, those are placed on the heap (saved in memory) in order to be returned back when needed. They cannot be returned back as of yet because the dynamic sql has second part.
4. All records (10 to be exact) are deleted from the temp table.
5. insert into part now kicks in and what the engine sees at this point is to execute the following: insert into temp table select whatever was selected and saved on the heap from the executing dynamic sql, which happens to be select first 4 records from temp table. Thus, the 4 originally selected records are inserted back into the temp table after every row has just been deleted from it. 4 records inserted into empty table make the table now have 4 records.

Hope this helps.

This is why I mentioned in my earlier post that if you were to replace the delete from temp table (second portion of the dynamic sql) with something like select 99, 99 then results of the first select (4 records) will be inserted and the results of the second select (one record) will be inserted as well and the result will then be 15 records in the temp table. And if you were to replace the delete from temp table part with the select of a different shape (something like select 1) then nothing will be inserted because the second select will return data not compatible with expected shape (2 columns per record returned).

Oleg

Oleg
Post #860539
Posted Friday, February 5, 2010 9:00 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Saturday, August 24, 2013 10:11 AM
Points: 83, Visits: 60
AH -- now I get it (thank you Oleg and Gennadiy). Here's the source of my confusion: I was thinking that this ...

insert into #funny_Test
exec(@Sql_str)


... resolved into this ...

insert into #funny_Test
select id, row_num from #funny_Test where row_num < 5
delete from #funny_Test


... which would INSERT the 4 records first, then delete all of the records in the table.

BUT, now I understand that while the SELECT statement does execute and return records, the INSERT statement doesn't get that data and insert it until after the DELETE statement executes.

Very Nice. This is my "New Thing I Learned Today". And it's not even noon yet (where I am)!


Thanks,
- Joseph Marsh
Post #860553
« Prev Topic | Next Topic »

Add to briefcase «««12345»»

Permissions Expand / Collapse