SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Multi-statement execution


Multi-statement execution

Author
Message
sknox
sknox
SSCarpal Tunnel
SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)SSCarpal Tunnel (4K reputation)

Group: General Forum Members
Points: 4020 Visits: 2925
Very good question. You can find some documentation supporting this behavior here:
http://msdn.microsoft.com/en-us/library/aa933206(SQL.80).aspx
Specifically:

If execute_statement is used with INSERT, each result set (my emphasis) must be compatible with the columns in the table or in column_list.


While not saying it outright, that implies that the result set of each statement executed is returned to be inserted.
Kelsey Thornton
Kelsey Thornton
SSC Eights!
SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)

Group: General Forum Members
Points: 881 Visits: 282
honza.mf (2/3/2010)
Very nice question. Nice SQL inject with a side effect.
I hope I will never use something like this one.

I agree with both sentiments!

It was a tricky question, made a little easier if you paste the command into a context-sensitive editor/Query tool

Kelsey Thornton
MBCS CITP
sqlusers
sqlusers
Mr or Mrs. 500
Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)Mr or Mrs. 500 (561 reputation)

Group: General Forum Members
Points: 561 Visits: 512
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?
paul.goldstraw
paul.goldstraw
SSCommitted
SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)

Group: General Forum Members
Points: 1506 Visits: 1765
I liked the question, even though I got it wrong.

I answered 10 because I misunderstood how the row_num was going to work. I have been working with row_num quite a lot recently where I group by to match duplicates, so i was thinking it was a trick question where each row would have a row_num of 1 because each object_id was different, therefore it wouldn't count up, and all records would then qualify in the later statement, but this wasn't the case. I did catch the rest of it though Smile

Paul
gchornenkyy
gchornenkyy
SSC-Addicted
SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)

Group: General Forum Members
Points: 456 Visits: 402
sqlusers (2/5/2010)
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?


Did you mean something like that?

Assign NULL value:
select @Sql_str = null

or balnk / empty string:
select @Sql_str = ''

Regards,
Gennadiy
Kelsey Thornton
Kelsey Thornton
SSC Eights!
SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)

Group: General Forum Members
Points: 881 Visits: 282
sqlusers (2/5/2010)
Good Question. Thanks...

But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?

It's a temporary variable that gets automatically deleted when the client session ends.

Is that what you meant?

Kelsey Thornton
MBCS CITP
Joseph D. Marsh
Joseph D. Marsh
SSC-Enthusiastic
SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)

Group: General Forum Members
Points: 107 Visits: 60
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh

Thanks,
- Joseph Marsh
gchornenkyy
gchornenkyy
SSC-Addicted
SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)SSC-Addicted (456 reputation)

Group: General Forum Members
Points: 456 Visits: 402
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh


Some corrections:
3. 4 rows selected and save somewhere in SQL buffer as a result set
4. All records are deleted from temp table (second part of @sql_str)
5. 4 rows from result set generated on step 3 re-inserted (as a result of D-SQL batch execution)

To understand it better just imagine that D-SQL is executed as a Stored Procedure (or could be)

insert into <table>
exec <SP with 2 statements>

Regards,
Gennadiy
Oleg Netchaev
Oleg Netchaev
SSCrazy
SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)SSCrazy (2.2K reputation)

Group: General Forum Members
Points: 2205 Visits: 1817
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)

After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.

As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)

Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?

Thanks in advance,
- Joseph Marsh


Joseph,

You are correct, but step 3 needs tweaking and last important step is missing. Here is what is happening:

1. Temp table is created
2. 10 records are inserted into the temp table
3. The dynamic sql is examined and then executed by the engine. Since the first part of the dynamic sql selects 4 records, those are placed on the heap (saved in memory) in order to be returned back when needed. They cannot be returned back as of yet because the dynamic sql has second part.
4. All records (10 to be exact) are deleted from the temp table.
5. insert into part now kicks in and what the engine sees at this point is to execute the following: insert into temp table select whatever was selected and saved on the heap from the executing dynamic sql, which happens to be select first 4 records from temp table. Thus, the 4 originally selected records are inserted back into the temp table after every row has just been deleted from it. 4 records inserted into empty table make the table now have 4 records.

Hope this helps.

This is why I mentioned in my earlier post that if you were to replace the delete from temp table (second portion of the dynamic sql) with something like select 99, 99 then results of the first select (4 records) will be inserted and the results of the second select (one record) will be inserted as well and the result will then be 15 records in the temp table. And if you were to replace the delete from temp table part with the select of a different shape (something like select 1) then nothing will be inserted because the second select will return data not compatible with expected shape (2 columns per record returned).

Oleg

Oleg
Joseph D. Marsh
Joseph D. Marsh
SSC-Enthusiastic
SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)SSC-Enthusiastic (107 reputation)

Group: General Forum Members
Points: 107 Visits: 60
AH -- now I get it (thank you Oleg and Gennadiy). Here's the source of my confusion: I was thinking that this ...

insert into #funny_Test
exec(@Sql_str)


... resolved into this ...

insert into #funny_Test
select id, row_num from #funny_Test where row_num < 5
delete from #funny_Test


... which would INSERT the 4 records first, then delete all of the records in the table.

BUT, now I understand that while the SELECT statement does execute and return records, the INSERT statement doesn't get that data and insert it until after the DELETE statement executes.

Very Nice. This is my "New Thing I Learned Today". And it's not even noon yet (where I am)!

Thanks,
- Joseph Marsh
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search