Forum Replies Created

Viewing 15 posts - 271 through 285 (of 938 total)

  • RE: Cursors

    Thanks Steve, appreciate it. I thought I was missing something obvious on this question 🙂

  • RE: A Hex on Your Database

    dobberteen (6/18/2008)


    we've been getting hammered by the version of the attack that inserts the javascript mentioned above, thanks to a complete lack of input validation and total reliance on the:

    rs.Source...

  • RE: Cursors

    GSquared (6/18/2008)


    liam.stirling (6/18/2008)


    GSquared (6/18/2008)


    Jim, Venky and Mike, run the sample from BOL. The second cursor, the one with the column_details data in it, returns a recordset. You can...

  • RE: Can I encrypt ntext and nvarchar(max) columns ?

    The encryption and decryption functions return a varbinary(8000). Just use the + append operator and a WHILE loop. There are a few blogs worth checking out, especially the...

  • RE: Cursors

    I think the numbers tell the story here - 97% of us got the answer to this QoD wrong, only 3% got it right. That's not a normal distribution...

  • RE: Cursors

    GSquared (6/18/2008)


    I figured it out! On the describe_cursor_columns one, you don't get the number of rows in the original cursor, but you can count the number of rows in...

  • RE: Can I encrypt ntext and nvarchar(max) columns ?

    The symmetric key encryption functions max out at 8,000 bytes returned. With SQL Server metadata and AES block size this means you can encrypt slightly fewer bytes than that...

  • RE: Cursors

    prabodh_castle (6/17/2008)


    What does sp_decribe_cursor do? Has anyone seen such function or was it a typo :sick:?

    No that's a correct system SP. I'm trying to figure out how to get...

  • RE: A Hex on Your Database

    timothyawiseman (6/6/2008)


    Mike C (6/5/2008)


    Hmmmm. This is what I get in SSMS:

    "Msg 102, Level 15, State 1, Line 1

    Incorrect syntax near '='."

    Did you only use this portion:

    declare @a varchar(1000);set @a=cast(0x73656C656374206E616D652066726F6D207379732E6461746162617365733B...

  • RE: A Hex on Your Database

    Brad (6/6/2008)


    Stored procedures have to be properly parameterized too. I've seen garbage like this way too many times:

    string sql = "EXEC my_stored_proc " + param1;

    Which still leaves you wide...

  • RE: A Hex on Your Database

    Hugo Kornelis (6/6/2008)


    Mike C (6/6/2008)


    Stored procedures have to be properly parameterized too.

    You posted this while I was composing my similar reply 🙂

    Great minds think alike! 😀

    Before I write I always...

  • RE: A Hex on Your Database

    Brad (6/6/2008)


    Good question, but the answer leaves me a bitter. I assumed Stored Procedures were in use with proper parameter types. (which is what I use). So...

  • RE: A Hex on Your Database

    GSquared (6/6/2008)


    The problem I was bringing up is that, according to the news articles in May this year, thousands of servers did NOT have adequate SQL injection prevention measures, and according...

  • RE: A Hex on Your Database

    Tao Klerks (6/6/2008)


    Hi, the sample actually assumes old-style ASP (usually coded in VBScript), but the point is not the extraction of the list of databases.

    Getting the list of databases using...

  • RE: A Hex on Your Database

    Hugo Kornelis (6/6/2008)


    Mike,

    My assumption on reading the question was that "account=" is generated by the page, and the rest comes from an input box. The user is supposed to just...
