How to Safely Parameterize Table Names
Protecting against SQL Injection Part 2
Watch this week's video on YouTube
Last week we talked about building dynamic SQL queries and how doing so might leave you open to SQL injection...
2017-09-05
9 reads
Bert Wagner
Warning! Are your queries vulnerable to SQL injection?
Watch this week's video on YouTube
Looking for a script to find possible SQL injection vulnerabilities on your server? Scroll to the bottom of this post.
OWASP names SQL injection as...
2017-08-29
14 reads
How to Search and Destroy Non-SARGable Queries on Your Server
Unexpected SQL Server Performance Killers #3
Watch this week's video on YouTube
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled...
2017-08-22
12 reads
How to Eliminate Ugly Nested REPLACE() Functions
Watch this week's video on YouTube
How many times have you had to transform some column value and ended up stacking several nested SQL REPLACE() functions like this?
-- Input: Red,...
2017-08-15
13 reads
SQLskills is Giving Away Free Training!
SQLskills is giving away free training for their performance tuning and optimization classes. My entry for the competition is below. If you decide to enter for yourself, entries are...
2017-08-11
2 reads
Why Parameter Sniffing Isn't Always A Bad Thing (But Usually Is)
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled from my collection of "things I didn't know I was...
2017-08-08
6 reads
Are your indexes being thwarted by mismatched datatypes?
In this series I explore scenarios that hurt SQL Server performance and show you how to avoid them. Pulled from my collection of "things I didn't know I was...
2017-08-01
6 reads
One SSMS Trick That Will Make You a Faster Query Builder
Watch this week's video on YouTube
Here's the scenario: you copy and paste some code into a query you are building. A few minutes later you need that same snippet...
2017-07-25
7 reads
How to Use SQL Temporal Tables For Easy Point-In-Time Analysis
Watch this week's video on YouTube
Have you ever needed to look at what data in a table used to look like?
If you have, it probably took a knuckle-cracking filled...
2017-07-20
8 reads
Here's a Quick Way To Generate a Running Total in SQL Server
Watch this week's video on YouTube
Historically it's been difficult to accomplish certain tasks in SQL Server.
Probably the most annoying problem I had to do regularly before SQL Server 2012...
2017-07-18
25 reads
Blogs
Resetting on the AI hype train
By Brian Kelley
There's a great article from MIT Technology Review about resetting on the hype of...
A New Word: Etherness
By Steve Jones
etherness – n. the wistful feeling of looking around a gathering of loved ones,...
Vibe Coding a Login Tracking System
By Steve Jones
A customer was asking about tracking logins and logouts in Redgate Monitor. We don’t...
Forums
The Microsoft SQL Year in Review
Comments posted to this topic are about the item The Microsoft SQL Year in...
T-SQL in SQL Server 2025: The || Operator
Comments posted to this topic are about the item T-SQL in SQL Server 2025:...
Your Value from a Conference
Comments posted to this topic are about the item Your Value from a Conference
Question of the Day
UNISTR Basics
What does this code return in SQL Server 2025+? (assume the database has an appropriate collation)
SELECT UNISTR('Hello 4E16754C') AS 'A Classic';
A: 
B: 
See possible answers