What are typical 'programming' sources of vulnerability to SQL injection exploit? [closed] - sql

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I'm trying to understand more about SQL injection. I know how it works and how to protect against it, but I just have a few questions.
What are typical 'programming' sources of vulnerability to SQL injection exploit?
What are typical 'system' and coding mechanisms that can be used to protect against SQL injection?
I would appreciate straight answers, not links, as I don't find them useful.
Thank you

Sources:
Not validating your input types.
Concatenating Strings with inputs directly.
Not using PreparedStatements to guarantee that only one instruction is executed.
Solutions:
Use prepared statements.
Validate input types (may be redundant if above point is used correctly).
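The answer's three points shown side by side, as an added example that is not part of the original answer: a lookup built by string concatenation, the same lookup with a bound parameter, and type validation in front of an integer key. The table, function names and sample rows are constructed for illustration, and Python's built-in sqlite3 module stands in for whatever database driver is actually in use.

```python
import re
import sqlite3

def make_db():
    # Constructed sample table; names and values are illustrative only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote in
    # `name` changes the structure of the statement.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Fixed: constant statement text, value bound as a parameter and
    # therefore only ever compared as data.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def lookup_by_id(db, raw_id):
    # Type validation as a second layer: accept plain decimal digits only,
    # then still bind the converted value as a parameter.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT name, secret FROM users WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"   # constructed input containing SQL syntax
    print("concatenated:", lookup_concat(db, hostile))
    print("prepared:    ", lookup_prepared(db, hostile))
    print("by id:       ", lookup_by_id(db, "2"))
```

With the constructed input, the concatenated query returns every row in the table, while the parameterized query returns none because no user has that literal name.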

Related

Features not available in T-SQL [closed]

Closed 11 years ago.
What are the features that are not available in T-SQL but are part of the SQL standard? Also, if someone can list nice features that are available in PL/SQL (ORACLE) but not currently available in T-SQL (e.g. LAG and LEAD etc.). I know Denali will introduce some of those (like LAG and LEAD) but not sure?
I know there are features (some of those are indeed nice, e.g. TOP) available in T-SQL but not part of the SQL standard. I just want to find the other side of the story.
There really isn't a SQL "standard". However you can get O'Reilly SQL Pocket Guide, it has most of the primary differences between the SQL dialects and is well worth the 15 dollars to get. There are many small differences in between TSQL and Oracle. Too many to list here.

SQL interview question [closed]

Closed 11 years ago.
I got the following question on an interview:
Which SQL mechanisms allow a user to browse tables sequentially?
Cursor is a good example - but I don't think you could really argue that Cursors are truly a part of SQL - rather they just tend to come bolted in with procedural languages used on database servers - like PL/SQL and T-SQL.
You could also make an argument for Recordsets, Dynasets, DataTables and DataViews, but those aren't part of SQL itself either.
They might be referring to ORDER BY with a sequential field on the table, but if so, they've not phrased their question very well...
Martin.
"CURSOR" might be the word that you should google for.

Where do you keep your common sql task scripts? [closed]

Closed 9 years ago.
In your workplace, where do you store your common, non-database specific scripts that you use in SQL Server? Do you keep them in .SQL scripts on the file server, do you store them in the Master database, or do you keep them in a database you defined specifically for these kinds of things?
We store them as regular source code, so in version-control.
You then have previous versions of the script available, and you avoid the "someone deleted the XY script" risk.
We store them in a wiki where everyone can access them.
We store them in a separate database and have a custom program for easy execution and maintenance.
I hoard them all in template format on my hard drive. CTRL+SHIFT+M will fill the placeholders. It's great.

Difference between mysql and sql server? Performance, features,...? [closed]

Closed 10 years ago.
What are the differences between MySQL and SQL Server?
What are the parameters to choose between the two?
Several questions here related to DB comparisons of various flavors:
What are the major differences between databases?
https://stackoverflow.com/questions/404776/why-isnt-postgresql-as-widespread-as-mysql
Where to find a good reference when choosing a database?
postgresSQL mysql oracle differences
The parameter to choose between the two is the price tag. How much do you "expect" to pay for your database? If it's zero then MySQL is probably good enough for you, if it's 10k then SQL Server is probably good enough for you.
As for the actual differences, there are too many to list.

The best MDX references on the net [closed]

Closed 10 years ago.
What are the best references, links and cheatsheets for the MDX language? Here are a few starters that I have collected. Please share yours :)
http://www.gumper.com/mdx.html
http://www.sqlserveranalysisservices.com/OLAPPapers/InventoryManagement%20in%20AS2005v2.htm
http://www.ssas-info.com/ssas-cheat-sheets/72-cheat-sheets/880-time-mdx-cheat-sheets
It's perhaps hard to look through if you don't know what you're looking for, but the Microsoft MDX Reference is actually very good if you know the name of the functions.
Obviously (or perhaps not that obviously) the MDX implementation differs between OLAP sources, and the Microsoft reference is tailored towards Analysis Services.
You'll find some MDX documentation (introduction and reference) at: http://www.iccube.com/support/documentation/mdx/index.html