How To Steal Data Using Second Order SQL Injection Attacks
One misconception some people have about SQL injection is that it can only happen when concatenating a user input parameter...
2018-03-27 (first published: 2018-03-20)
4,970 reads
Bert Wagner
How To Steal Data Using Second Order SQL Injection Attacks
Watch this week's video on YouTube
One misconception some people have about SQL injection is that it can only happen when concatenating a user input parameter directly into your dynamically...
2018-03-20
4 reads
How To Steal Data Using Second Order SQL Injection Attacks
Watch this week's video on YouTube
One misconception some people have about SQL injection is that it can only happen when concatenating a user input parameter directly into your dynamically...
2018-03-20
2 reads
Full Automatic Tuning: SQL Server 2026’s Most Killer Feature
This post is a response to this month’s T-SQL Tuesday #100 prompt by the creator of T-SQL Tuesday himself, Adam Machanic. ...
2018-03-13
273 reads
Full Automatic Tuning: SQL Server 2026's Most Killer Feature
This post is a response to this month's T-SQL Tuesday #100 prompt by the creator of T-SQL Tuesday himself, Adam Machanic. T-SQL Tuesday is a way for SQL Server bloggers...
2018-03-13
2 reads
Full Automatic Tuning: SQL Server 2026's Most Killer Feature
This post is a response to this month's T-SQL Tuesday #100 prompt by the creator of T-SQL Tuesday himself, Adam Machanic. T-SQL Tuesday is a way for SQL Server bloggers...
2018-03-13
4 reads
2.5 Ways Your ORM Is Vulnerable To SQL Injection
Someone recently told me that they don’t need to worry about SQL injection because they are using an ORM.
Oh boy.
ORMs don’t...
2018-03-16 (first published: 2018-03-06)
2,829 reads
2.5 Ways Your ORM Is Vulnerable To SQL Injection
Someone recently told me that they don't need to worry about SQL injection because they are using an ORM.
Oh boy.
ORMs don't automatically prevent SQL injection
Watch this week's video on YouTube
Object-relational...
2018-03-06
5 reads
Splitting It Up: Side by Side Queries In SSMS
There are times when you are writing a query while referencing another piece of information: the results of another query,...
2018-02-27
277 reads
Splitting It Up: Side by Side Queries In SSMS
There are times when you are writing a query while referencing another piece of information: the results of another query, a variable value, a webpage, etc...
If using two monitors...
2018-02-27
8 reads
Blogs
The Book of Redgate: We Value Teams
By Steve Jones
This value is something that I still hear today: our best work is done...
Troubleshooting TempDB Log Full Errors When SSMS Won’t Connect
By gbargsley
Have you ever received the dreaded error from SQL Server that the TempDB log...
Accelerating AI with Confidence: Why Microsoft Purview is Key to Responsible Innovation
By Chris Yates
Artificial intelligence is no longer a distant concept. It is here, embedded in the...
Forums
Planning for tomorrow, today - database migrations
Comments posted to this topic are about the item Planning for tomorrow, today -...
Bottlenecks on SQL Server performance
We have a BI-application that connects to input tables on a SQL Server 2022...
Is there some good routines for updating SQL Server database objects with GitHub
At work we've been getting better at writing what's known as GitHub Actions (workflows,...
Question of the Day
The Tightly Linked View
I try to run this code on SQL Server 2022. All the objects exist in the database.
CREATE OR ALTER VIEW OrderShipping
AS
SELECT cl.CityNameID,
cl.CityName,
o.OrderID,
o.Customer,
o.OrderDate,
o.CustomerID,
o.cityId
FROM dbo.CityList AS cl
INNER JOIN dbo.[Order] AS o ON o.cityId = cl.CityNameID
GO
CREATE OR ALTER FUNCTION GetShipCityForOrder
(
@OrderID INT
)
RETURNS VARCHAR(50)
WITH SCHEMABINDING
AS
BEGIN
DECLARE @city VARCHAR(50);
SELECT @city = os.CityName
FROM dbo.OrderShipping AS os
WHERE os.OrderID = @OrderID;
RETURN @city;
END;
go
What is the result? See possible answers