How to Safely Parameterize Table Names
Protecting against SQL Injection Part 2
Watch this week's video on YouTube
Last week we talked about building dynamic SQL queries and how doing so might leave you open to SQL injection...
2017-09-05
7 reads
Bert Wagner
Warning! Are your queries vulnerable to SQL injection?
Watch this week's video on YouTube
Looking for a script to find possible SQL injection vulnerabilities on your server? Scroll to the bottom of this post.
OWASP names SQL injection as...
2017-08-29
11 reads
How to Search and Destroy Non-SARGable Queries on Your Server
Unexpected SQL Server Performance Killers #3
Watch this week's video on YouTube
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled...
2017-08-22
9 reads
How to Eliminate Ugly Nested REPLACE() Functions
Watch this week's video on YouTube
How many times have you had to transform some column value and ended up stacking several nested SQL REPLACE() functions like this?
-- Input: Red,...
2017-08-15
10 reads
SQLskills is Giving Away Free Training!
SQLskills is giving away free training for their performance tuning and optimization classes. My entry for the competition is below. If you decide to enter for yourself, entries are...
2017-08-11
1 reads
Why Parameter Sniffing Isn't Always A Bad Thing (But Usually Is)
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled from my collection of "things I didn't know I was...
2017-08-08
5 reads
Are your indexes being thwarted by mismatched datatypes?
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled from my collection of "things I didn't know I was...
2017-08-01
3 reads
One SSMS Trick That Will Make You a Faster Query Builder
Watch this week's video on YouTube
Here's the scenario: you copy and paste some code into a query you are building. A few minutes later you need that same snippet...
2017-07-25
6 reads
How to Use SQL Temporal Tables For Easy Point-In-Time Analysis
Watch this week's video on YouTube
Have you ever needed to look at what data in a table used to look like?
If you have, it probably took a knuckle-cracking filled...
2017-07-20
7 reads
Here's a Quick Way To Generate a Running Total in SQL Server
Watch this week's video on YouTube
Historically it's been difficult to accomplish certain tasks in SQL Server.
Probably the most annoying problem I had to do regularly before SQL Server 2012...
2017-07-18
24 reads
Blogs
PASS: Quantum Computing Slides
By Brian Kelley
If you're an attendee at the PASS Data Community Summit this year, there are...
A New Word: Dead Reckoning
By Steve Jones
dead reckoning– v. intr. finding yourself bothered by somebody’s death more than you would...
PASS Data Community Summit 2025 Slides and Code
By alevyinroc
Thank you for attending my PASS Summit 2025 session Answering the Auditor’s Call with...
Forums
Personal Contact Is Vital
Comments posted to this topic are about the item Personal Contact Is Vital
Getting the Schema for Tables
Comments posted to this topic are about the item Getting the Schema for Tables
An Unexciting Exciting Release
Comments posted to this topic are about the item An Unexciting Exciting Release
Question of the Day
Getting the Schema for Tables
What happens when I run this on SQL Server 2022 in the AdventureWorks2022 database?
SELECT OBJECT_DEFINITION (OBJECT_ID(N'Person.Person')) AS [Object Definition]; GOSee possible answers