How to get Sql Text for every username [duplicate] - sql

I need to see the queries that are being sent to Oracle to execute them. Can someone give me specific detailed instructions on how to do this ?

If you want to see the queries from a specific user, you can use this (assuming you have privileges to query v$session and v$sqlarea (usually through SELECT_CATALOG_ROLE)
SELECT sess.sid,
sess.username,
sqla.optimizer_mode,
sqla.hash_value,
sqla.address,
sqla.cpu_time,
sqla.elapsed_time,
sqla.sql_text
FROM v$sqlarea sqla, v$session sess
WHERE sess.sql_hash_value = sqla.hash_value
AND sess.sql_address = sqla.address
AND sess.username = 'SCOTT'
Replace SCOTT with the appropriate username in your system
Output:
544 SCOTT ALL_ROWS 2004330732 07000001064088E8 89391 131836 SELECT sess.sid, sess.username,
sqla.optimizer_mode, sqla.h
ash_value, sqla.address, s
qla.cpu_time, sqla.elapsed_time,
sqla.sql_text FROM v$sqlarea sq
la, v$session sess WHERE sess.sql_hash_
value = sqla.hash_value AND sess.sql_
address = sqla.address AND sess.usern
ame = 'SCOTT'

This query will show queries that are currently running:
select sql_text from v$sqlarea where users_executing > 0;
See documentation of V$SQLAREA

You can check and get the data if you have access to these two oracle tables/views (v$sqlarea & v$sqltext), Also accoridng to your need you can also modify the query and add A.cpu_time, A.elapsed_time if required.
Query -
SELECT A.SQL_ID,
A.FIRST_LOAD_TIME,
A.SQL_TEXT,
A.SQL_FULLTEXT
FROM v$sqlarea A, v$sqltext B
WHERE A.PARSING_SCHEMA_NAME = 'TESTUSER' --YOUR USERNAME
AND A.SQL_ID = B.SQL_ID
AND A.HASH_VALUE = B.HASH_VALUE
ORDER BY A.FIRST_LOAD_TIME DESC
Output -

Related

How to detect if view was created by an extension?

In PostgreSQL on how can one know whether a specific view was created by an extension?
What SQL query must be executed to find out? No manual solutions.
Check if the view shows up in \dx+ output in psql -E.
This will also show the queries that psql uses to get the result, which will help you construct a query.
Axel Fontaine pays attention to what Laurenz Albe says
with \ dx + output in psql -E. I got the following query (replace pg_stat_statements by your extension ):
SELECT c.relname FROM pg_catalog.pg_depend join pg_class c on (c.oid=pg_depend.objid) WHERE refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass AND deptype = 'e' AND refobjid = ( SELECT e.oid FROM pg_catalog.pg_extension e WHERE e.extname='pg_stat_statements') and c.relkind='v' ORDER BY 1;
;-)

Using the results of a select sub query as the columns to select in the main query. Injection?

I have a table that contains a column storing sql functions, column names and similar snippets such as below:
ID | Columsql
1 | c.clientname
2 | CONVERT(VARCHAR(10),c.DOB,103)
The reason for this is to use selected rows to dynamically create results from the main query that match spreadsheet templates. EG Template 1 requires the above client name and DOB.
My Subquery is:
select columnsql from CSVColumns cc
left join Templatecolumns ct on cc.id = ct.CSVColumnId
where ct.TemplateId = 1
order by ct.columnposition
The results of this query are 2 rows of text:
c.clientname
CONVERT(VARCHAR(10),c.DOB,103)
I would wish to pass these into my main statement so it would read initially
Select(
select columnsql from CSVColumns cc
left join Templatecolumns ct on cc.id = ct.CSVColumnId
where ct.TemplateId = 1
order by ct.columnposition
) from Clients c
but perform:
select c.clientname, CONVERT(VARCHAR(10),c.DOB,103) from clients c
to present a results set of client names and DOBs.
So far my attempts at 'injecting' are fruitless. Any suggestions?
You can't do this, at least not directly. What you have to do is, in a stored procedure, build up a varchar/string containing a complete SQL statement; you can execute that string.
declare #convCommand varchar(50);
-- some sql to get 'convert(varchar(10), c.DOB, 103) into #convCommand.
declare #fullSql varchar(1000);
#fullSql = 'select c.clientname, ' + #convCommand + ' from c,ients c;';
exec #fullSql
However, that's not the most efficient way to run it - and when you already know what fragment you need to put into it, why don't you just write the statement?
I think the reason you can't do that is that SQL Injection is a dangerous thing. (If you don't know why please do some research!) Having got a dangerous string into a table - e.g 'c.dob from clients c;drop table clients;'- using the column that contains the data to actually execute code would not be a good thing!
EDIT 1:
The original programmer is likely using a C# function:
string newSql = string.format("select c.clientname, {0} from clients c", "convert...");
Basic format is:
string.format("hhh {0} ggg{1}.....{n}, s0, s1,....sn);
{0} in the first string is replaced by the string at s0; {1} is replaces by tge string at s1, .... {n} by the string at sn.
This is probably a reasonable way to do it, though why is needs all the fragments is a bit opaque. You can't duplicate that in sql, save by doing what I suggest above. (SQL doesn't have anything like the same string.format function.)

SQL Developer 'run script' failing but 'run statement' works

I have a simple left join query on two tables linking to get the description:
SELECT WORK.ACTION_ID, WORK.ACTION_STAT, WORK.DESCRIPTION_ID,
WORK.CLIENT_SERVER_IND, WORK.UPDATE_TSTAMP, WORK.UPDATE_USER_ID,
WORK.OTHER_ACTION_DATA, D.DESCRIPTION_ID, D.LANGUAGE, D.DESCRIPTION_TEXT,
D.UPDATE_TSTAMP DSCRP_UPD_TSTAMP
FROM xxxx.R_ACTION WORK
INNER JOIN xxxx.R_DESC_TEXT D ON WORK.DESCRIPTION_ID = D.DESCRIPTION_ID
WHERE D.LANGUAGE = 'ENGLISH'
AND D.DESCRIPTION_STAT = 'P';
I have the query in SQL Developer and if I select 'Run Statement' it works fine in less than a second and I can retrieve all 283 records.
If I select 'Run Script' I can see the output for about 33 lines and it then just hangs and eventually I get a 'socket read timed out' message.
I have the same table in a different schema, but with slight different data in it, and in that one the run statement and run script work fine.
Why would it work for 'Run Statement' but fail for 'Run Script' in this schema?
I'm on the CLOB bandwagon, too. Thinking 90% chance your DESCRIPTION_TEXT is a CLOB field.
As a test, try this query as "run script", which ignores the actual DESCRIPTION_TEXT and outputs "bogus" instead:
SELECT WORK.ACTION_ID, WORK.ACTION_STAT, WORK.DESCRIPTION_ID,
WORK.CLIENT_SERVER_IND, WORK.UPDATE_TSTAMP, WORK.UPDATE_USER_ID,
WORK.OTHER_ACTION_DATA, D.DESCRIPTION_ID, D.LANGUAGE, 'bogus' DESCRIPTION_TEXT,
D.UPDATE_TSTAMP DSCRP_UPD_TSTAMP
FROM xxxx.R_ACTION WORK
INNER JOIN xxxx.R_DESC_TEXT D ON WORK.DESCRIPTION_ID = D.DESCRIPTION_ID
WHERE D.LANGUAGE = 'ENGLISH'
AND D.DESCRIPTION_STAT = 'P';
If that works, try using this query, which makes use of DBMS_LOB.SUBSTR() to help cast the CLOB as VARCHAR by truncating output to first 4000 characters of it.
SELECT WORK.ACTION_ID, WORK.ACTION_STAT, WORK.DESCRIPTION_ID,
WORK.CLIENT_SERVER_IND, WORK.UPDATE_TSTAMP, WORK.UPDATE_USER_ID,
WORK.OTHER_ACTION_DATA, D.DESCRIPTION_ID, D.LANGUAGE,
dbms_lob.substr(D.DESCRIPTION_TEXT, 4000) DESCRIPTION_TEXT,
D.UPDATE_TSTAMP DSCRP_UPD_TSTAMP
FROM xxxx.R_ACTION WORK
INNER JOIN xxxx.R_DESC_TEXT D ON WORK.DESCRIPTION_ID = D.DESCRIPTION_ID
WHERE D.LANGUAGE = 'ENGLISH'
AND D.DESCRIPTION_STAT = 'P';

MultiTable SQL query. (MAX) on new table field hangs the query

I am using BIDS to connect to a Progress DB through an ODBC connection:
This query works fine
SELECT
PUB."master"."app-number",
...
PUB."property"."prop-id",
FROM
PUB."master" master JOIN PUB."property" property ON
master."lt-acnt" = property."lt-acnt"
...
LEFT OUTER JOIN PUB."arm" arm ON
master."lt-acnt" = arm."lt-acnt"
WHERE
...
However, I need to add some additional fields from another table. The problem is that I only need the information from the last time these new fields were updated.
I have tried:
SELECT
yt."app-number"
...
yt."disc-adj-tot",
yt."rt-adj-nbr",
yt."base-disc-per"
FROM (
SELECT PUB."master"."app-number",
...
PUB."lt-rt-adj-hdr"."disc-adj-tot",
PUB."lt-rt-adj-hdr"."rt-adj-nbr",
PUB."lt-rt-adj-hdr"."base-disc-per"
FROM PUB."master" master JOIN PUB."property" property ON
master."lt-acnt" = property."lt-acnt"
...
JOIN PUB."lt-rt-adj-hdr" lt_rt_adj_hdr ON
lt_master."lt-acnt" = lt_rt_adj_hdr."lt-acnt") yt
INNER JOIN(
SELECT "app-number",
MAX("rt-adj-nbr") "rt-adj-nbr"
FROM ( PUB."lt-master" lt_master JOIN
PUB."lt-rt-adj-hdr" lt_rt_adj_hdr ON
lt_master."lt-acnt" = lt_rt_adj_hdr."lt-acnt")
GROUP BY "app-number") ss on yt."app-number" = ss."app-number" and
yt."rt-adj-nbr" = ss."rt-adj-nbr"
WHERE ...
This query just hangs and will not return results unless a very simple WHERE clause like "WHERE yt."app-number" = 123456" is used. I am completely stuck.
Has the owner of the Progress DB ever run "update statistics"? The Progress SQL query optimizer needs to have good statistics in order to execute efficiently. Progress applications usually use the 4GL engine rather than SQL so, in many cases, the administrator is not keeping the SQL statistics updated. Which often leads to very poor SQL query performance.
From the 4GL side the admin can use this script to generate a program that will do the job:
/* genUpdateSQL.p
*
* mpro dbName -p util/genUpdateSQL.p -param "tmp/updSQLstats.sql"
*
* sqlexp -user userName -password passWord -db dnName -S servicePort -infile tmp/updSQLstats.sql -outfile tmp/updSQLtats.log
*
*/
output to value( ( if session:parameter <> "" then session:parameter else "updSQLstats.sql" )).
for each _file no-lock where _hidden = no:
put unformatted
"UPDATE TABLE STATISTICS AND INDEX STATISTICS AND ALL COLUMN STATISTICS FOR PUB."
'"' _file._file-name '"' ";"
skip
.
put unformatted "commit work;" skip.
end.
output close.
return.
Or, you could do it if you have sufficient privileges (just plug in your table name for _file._file-name).

basic oracle question

I have this query:
select total.lecgrouplecture(l.groupcode) lecturename,
total.lecgrouptime(l.groupcode) lecttime
from total.lecgroup l
where term = (select term
from total.CURENTTERM)
and rownum < 10
order by lecturename
I want to know what total.lecgrouptime(l.groupcode) is, and get this information from where?
total is the package name
lecgrouplecture is a function within that package
Look in user_source for the code or use a GUI like SQL Developer or TOAD
it looks like TOTAL is the name of a schema (SELECT * FROM all_users WHERE username = 'TOTAL'). If this is the case then lecgrouplecture must be a pl/sql function. You will find what it does with Robert's query:
SELECT *
FROM all_source
WHERE owner = 'TOTAL'
AND name = 'LECGROUPLECTURE'
ORDER BY line;