In my asp.net mvc application , I use Sql Data Adapter to update a record.
For example
UPDATE sample SET status = 1 WHERE id = #id
I need to test a scenerio where this sql code cannot be run and not any records are updated. How can i make this?
Should i make a lock for sample table and how can i do that ?
How can i make this UPDATE query somehow not works and not updates any record ?
Forgot to note that: I cannot change this code or application code and cannot give random #id parameter.
I need to do that in database level.
You can make the specific table in database read only by using one of the below techniques.
Insert, Update, Delete Trigger
Check Constraint and Delete Trigger
Make the Database Read Only
Put the Table in a Read Only File Group
DENY Object Level Permission
Create a View
You could set id to a value that does not exist for sure (e.g. -1).
Or you could remove the user rights of the user accessing the database (in the connection string) for updating this table. Hoping it's not sa :)
Add an [Authorize] attribute to the controller in question and attempt to perform the operation as a guest user.
Edit. To do it server side, enter the following to a query window on the database
Begin Transaction
That should lock up the database while you do your tests
Related
I have a system to manage printers of a company and I need to understand how the workflow between the Website and database works by knowing what is added/changed in the database with each interaction of the user. Is there a way to find or create some kind of log for a database or even the entire SQL Server that can show me what I need?
you can use extended events feature in some case :
https://learn.microsoft.com/en-us/sql/relational-databases/extended-events/quick-start-extended-events-in-sql-server?view=sql-server-2017
I think what you're looking for are triggers.
You can make tables to log the currently updated or changed data and use triggers to automatically feed data in the log table on any change
CREATE OR REPLACE TRIGGER [trigger_name]
BEFORE DELETE OR INSERT OR UPDATE ON [table_name]
FOR EACH ROW
WHEN [some condition]
DECLARE
[variable declaration]
BEGIN
[create an entry in the log table here]
END;
You can use NEW and OLD keywords to refer to the data (new referring to the most recent update of data)
Just for the record, a tool for that exactly purpose exists and is installed together with SQL Server, it is called SQL Server Profiler.
According to http://blogs.msdn.com/b/sqlcat/archive/2011/10/17/updating-a-database-snapshot.aspx I should be able to successfully execute an INSERT, UPDATE and DELETE against a Database Snapshot.
The idea is to create a view of a table before you create the snapshot, and then create the snapshot, and update the View in the snapshot.
I have tried this on my SQL Server 2014 (v12.0.2269) and I still get the error
Failed to update database "Snapshot2015_07" because the database is read-only.
The reason I am keen for this to work is that financials need to be frozen at a particular date, but need to be updated if errors are found in the snapshot.
Has anyone had success recently doing this?
I know there are alternatives like AutoAudit, but it is a lot of work to implement for 1-2 updates/deletes on a database with multiple tables with 5 million + rows
The view has to specify the database name (which is the original database name, not the snapshot database name), along with the schema and table name. Ensure the view you created specifies those three parts of the fully qualified object name.
We have an audit option in our application, where we are auditing the deleted records from a table using AFTER DELETE ON trigger.
Problem description :
The problem that we face here is, we need to log the person who has deleted the record. We could not get id of the person deleted the record anywhere from the database as its not present. Its coming from the web application. My question is there anyway to get the name or id of the person who has logged into the web application in the database side.
We are using oracle 11g.
You should be able to do this using dbms_session package.Using the package you can set and get values.Hence , during the login to your application , you can set the value and finally while on delete trigger execution , get this and insert into the audit table.
This might come handy - http://www.dba-oracle.com/t_dbms_session.htm
Hope that helps !
I have Dynamic dataWebsite which uses a SQL SP to do update operations..I have a problem here, my delete functionality is also a update (setting IsDeleted=1) operations. I am currently using LINQ query and calling datacontext.SubmitChanges() for deleting. The problem is, the update LINQ query (that sets IsDeleted=1) when I call SubmitChanges() is also calling the update SP which is meant for only Update Operations. Is there any option to fire my LINQ query directly to DB instead of calling update SP?
Employee ild = (from emp in _dataContext.Employee
where emp.IN_ID == int.Parse(ID)
select emp).FirstOrDefault();
ild.IsDeleted=1;
_dataContext.Submitchanges();
The above code always call UpdateSP that is configured to Update operation.
In this case, could you use a delete stored proc which will get called just like your update proc. The delete proc doesn't need to actually perform a DELETE FROM table query, but instead could do an Update on the underlying table setting the IsDeleted flag as appropriate:
CREATE PROCEDURE
#Id int
AS
UPDATE dbo.Employee
SET IsDeleted = 1
WHERE Id = #Id
You would then map this function to the delete behavior in LINQ to SQL just as you did the Update method. With this option, your client code would do a simple Remove on the table rather than dealing with the IsDeleted flag:
_dataContext.Employee.Remove(ild);
_dataContext.SubmitChanges();
In your model, I would argue that you shouldn't expose IsDeleted at all. That is a database implementation detail. When using soft deletes, you should abstract away your physical table and expose the functionality through views or table value functions.
As an alternative to the soft delete option, you could consider including a Tombstone table mimicing your transactional table. On a delete operation, use a stored proc or trigger to move the record from the transactional table to the tombstone table. With that, you could eliminate the IsDeleted flag from the database and elminate the need to include the filtering on all access (including reporting).
I'm not 100% sure that I follow the idea here.
generally to delete the record you would say:
_dataContext.Employee.remove(ild);
_dataContext.Submitchanges();
But it seems like you wanted to just update the record to read any Enployee that has a setting IsDeleted = 1 as a deleted record. By running the code you current have there are are generateing an UPDATE statement and so the UpdateSP will fire.
Is there a reason you can't use the .remove() method and ophysically delete the entry?
How do I find out what application or SP is modifing the values in a config table? I thought I had isolated the app that was responsible but these particular values keep chnging back to true when I keep modifying them to be false.
First, create a logging table:
CREATE TABLE modlog(
datestamp smalldatetime,
username varchar(255) NOT NULL DEFAULT SYSTEM_USER
);
Then create an UPDATE trigger on your table:
CREATE TRIGGER mytable_mods ON mytable FOR UPDATE AS
INSERT INTO modlog(smalldatetime) VALUES (GETDATE());
Just peek into the modlog table to figure out which user is updating the table, and when. You could get fancy and also log particular fields being updated.
Another approach would be to set up a trace in SQL Server Profiler, filter the heck out of it so it only returns updates on that table, and keep it open until something happens.
If your applications include the ApplicationName parameter in their connection strings, you can use App_Name() instead of SYSTEM_USER, which will log the application name, removing the extra detective work. Knowing the user might still be useful so you can figure out what they are doing to trigger the update.
Create a trigger to roll back the update. Wait for the app to error out. It can be a very simple trigger:
CREATE TRIGGER BugOffRogueProgram
ON MyConfigTable
FOR UPDATE
AS
BEGIN
ROLLBACK TRAN
END
The answers provided so far are absolutely on the spot - that's the way to do it in SQL Server 2005.
Just as a brief teaser: in SQL Server 2008, there's a new feature called Change Data Capture to support this exact scenario "out of the box" without the need to write triggers and update tables yourself. Quite handy!
Marc