Viewing 15 posts - 2,701 through 2,715 (of 7,631 total)
PhilM99 (5/4/2009)
It's hard to remember you started out to drain the swamp when you're up to your *** in alligators. --old IT saying
Sorry if I have offended the volunteers...
-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc. "Performance is our middle name."
May 4, 2009 at 8:46 am
Very nice article. Easy to read and very instructive. Thanks.
May 4, 2009 at 8:36 am
Please see this article by some really smart guy who hangs out here.
May 4, 2009 at 12:24 am
You will probably want to look up INNER JOIN for this problem that looks an awful lot like homework.
May 3, 2009 at 10:10 pm
Again, it's still not established that there is any SQL Injection attack possibility here. If the EXECUTE is not being given an enhanced security context (or relying on an...
May 3, 2009 at 6:17 pm
QUOTENAME is probably safe (Microsoft recommends it but AFAIK has never affirmed that it is 100% safe), but "
PRINT ('select * from [' + @dbname + '].dbo.sysfiles')
Definitely is not. ...
May 3, 2009 at 6:11 pm
Actually, there's not necessarily any danger of an Injection exploit yet. It all depends where @dbname came from and whose authority is being used to execute the EXECUTE command.
May 3, 2009 at 5:50 pm
Like this:
Declare @sql NVarchar(MAX);
Set @sql = '';
EXEC [dbo].[uspOrderDetail_Insert] '+@OrderID+','+utbCart.ProductID
+','''+utbCart.ReferenceName+''','+utbCart.Quantity
+','+utbCart.UnitCost+','+utbCart.ExtendedCost+''''
FROM utbCart WHERE
utbCart.CartID = @CartID
OR
utbCart.ShopperID = @ShopperID
Print...
May 3, 2009 at 5:20 pm
First, my heartfelt thanks to Lynn, Jeff, Jack, Bruce and everyone else who pitched in to cover for me while I was in the hospital for the last week. ...
May 3, 2009 at 3:46 pm
Jeff Moden (5/3/2009)
I've got 2k Dev, 2k5 Dev, and I'll soon have 2k8 Dev. I may also be...
May 3, 2009 at 1:16 pm
I admit that I was a little confused at first also. But then I thought "well, Lynn wouldn't do (b) without also doing (c), so I guess I can...
May 3, 2009 at 1:07 pm
Paul White (5/3/2009)
RBarryYoung (5/3/2009)
May 3, 2009 at 2:43 am
Lynn Pettis (4/27/2009)
ALZDBA (4/27/2009)
First findings .... It no longer works .... SQL2008...
May 3, 2009 at 12:55 am
Thanks, Roy.
May 3, 2009 at 12:43 am
Jeff: I also have SQL Server 2008 Developer Edition on my laptop if you need it.
May 3, 2009 at 12:42 am