Quickly navigate through data with SQL Management Studio - sql

I'm a developer who works a lot in an environment with lots of FK relations.
When I'm developing my application, I would like the ability to quickly navigate through data.
I'll explain it through an example :)
Table - Car
ID TypeID CarName ...
1 1 A
2 1 B
3 2 C
I would get this data if I did a "SELECT * FROM car". The problem is that I only get a limited amount of data. I don't know which Type Car A is, I only know its TypeID.
How I handle this now, is by either writing an extended SQL query (inner join it with type and also include the name) or by doing a SELECT * FROM type where ID = 1.
I'd like to be able to have this data presented to me quickly (and I'm not talking about a regular view). I would like to write an extension on SQL management studio, in which I would check if the table had a FK-relation. If it's filled in, I'd then give a tooltip if I hover over the FK-cell.
The question: is this possible? Can I write extensions on SQL Management studio? Does something like this already exist within SQL Mang studio or any third party packages?
If it doesn't exist, but I can make it, how would I go about doing it?
Thanks for the help :)

LINQPad is a C# scratchpad that speaks LINQ2SQL.
I use it a lot to query data.
You can quite easily mix LINQ2SQL and C# code to do more advanced queries and calculations than possible in plain SQL.
The free version works OK, but if you pay you get autocompletion too.

Related

Fill your tables with junk data?

I am lazy, sometimes excruciatingly lazy but hey (ironically) this is how we get stuff done right?
Had a simple idea that may or may not be out there. If it is I would like to know and if not perhaps I will make it.
When working with my MSSQL database sometimes I want to test the performance of various transactions over tables and views and procedures etc... Does anyone know if there is a way to fill a table up with x rows of junk data merely to experiment with.
One could simply enough...
INSERT INTO `[TABLE]`
SELECT `COLUMNS` FROM [`SOURCE_TABLE`]
Or do some kind of...
DECLARE @count int
SET @count = 0
WHILE @count < `x` -- the loop body runs x times, so x rows are inserted
BEGIN
INSERT INTO `[TABLE]`
(...column list...)
VALUES
(...VALUES (could include @count here as a primary key))
SET @count = @count + 1
END
But it seems like there is or should already be something out there. Any ideas??
I use Redgate SQL Data Generator.
Use a Data Generation Plan (a feature of Visual Studio database projects).
WinSQL seems to have a data generator (which I did not test) and has a free version. But the Test data generation wizard seems to be reserved to the Pro version.
My personal favorite would be to generate a CSV file (using a 4.5 lines script) and load it into your SQL DB using BULK INSERT. This will also allow better customization of the data as sometimes is needed (e.g. when writing tests).

MSAccess SQL Injection

Situation:
I'm doing some penetration testing for a friend of mine and have total clearance to go postal on a demo environment. Reason for this is because I saw an XSS hole in his online ASP application (error page with error as param allowing HTML).
He has an Access DB and because of his lack of input validation I came upon another hole: he allows SQL injection in a where-clause.
I tried some stuff from:
http://www.krazl.com/blog/?p=3
But this gave limited result:
MSysRelationships is open, but his Objects table is shielded.
' UNION SELECT 1,1,1,1,1,1,1,1,1,1 FROM MSysRelationships WHERE '1' = '1 <-- worked so I know the parent table has at least 9 columns. I don't know how I can exploit the relation table to get table names (I can't find any explanation of the structure so I don't know what to select on).
Tried brute-forcing some table names, but to no avail.
I do not want to trash his DB, but I do want to point out the serious flaw with some backing.
Does anyone have ideas?
Usually there are two ways to proceed from here. You could try to guess table names by the type of data which is stored in them which often works ("users" usually stores the user data ...). The other method would be to generate speaking error messages in the application to see if you can fetch table or column names from there.

Passing comma delimited list as parameter to IN clause for db2 query using designer in visual studio 2008

I want to pass a comma delimited list of values as a parameter to a query I'm building using the designer in Visual Studio 2008 based on some strongly typed DAL tutorials I was going through. The query is going against a DB2 database. Here's what I want to do:
select * from prices where customer in(?)
It works fine when I pass in 123456 as ?
But fails when I pass in '123456' (it is a char field so I don't know why this doesn't work; it must be adding these behind the scenes) or 123456, 123457 or '123456', '123457'
I'm adding this page to a portal where all the data access is being done based on the DAL designer model with a BLL that calls it so I wanted to do it this way for consistency. Is this possible or is this a situation where the tool just isn't flexible enough to accomplish what I need it to do? Thanks.
This is a very common mistake people make with parameterized queries. You have to remember that a single parameter placeholder "?" is a substitute for a single value.
See the question link below for a clever solution for this problem from Joel Spolsky.
"Parameterizing a SQL IN clause?"
Also a bunch of other people answered the same question, reiterating that the standard solution is to construct the SQL query dynamically, appending a parameter placeholder for each value you need to pass.
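The standard solution named in this answer, one placeholder per value, shown as an added example that is not code from the original thread. It uses Python's sqlite3 in place of DB2 and the Visual Studio designer because both bind `?` placeholders; the table contents and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the question's "prices" table.
SAMPLE_ROWS = [("123456", 9.5), ("123457", 12.0), ("123458", 7.25)]
BASE_SQL = "SELECT customer, price FROM prices WHERE customer IN ({}) ORDER BY customer"


def demo_db():
    """Build an in-memory database with a char customer column, as in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE prices (customer CHAR(6), price REAL)")
    conn.executemany("INSERT INTO prices VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def single_placeholder(conn, value):
    """The failing form: one "?" receives the whole list as ONE value."""
    return conn.execute(BASE_SQL.format("?"), (value,)).fetchall()


def prices_for_customers(conn, customers):
    """Correct form: the SQL text gets one "?" per value; the values are bound."""
    customers = list(customers)
    if not customers:
        return []  # "IN ()" is not valid SQL, so return early for an empty list
    # Only "?" and ", " are concatenated into the statement, never the data itself.
    placeholders = ", ".join("?" for _ in customers)
    return conn.execute(BASE_SQL.format(placeholders), customers).fetchall()


if __name__ == "__main__":
    db = demo_db()
    # A single value works with a single placeholder.
    print(single_placeholder(db, "123456"))
    # A comma-joined string is compared as one literal and matches nothing.
    print(single_placeholder(db, "123456, 123457"))
    # Quotes typed into the value become part of the value, so this fails too.
    print(single_placeholder(db, "'123456'"))
    # One placeholder per value returns both customers.
    print(prices_for_customers(db, ["123456", "123457"]))
    # A value containing SQL syntax is still only data when bound.
    print(prices_for_customers(db, ["123456' OR '1'='1"]))
```

Because the statement text is built only from placeholders, the query stays parameterized however many values the caller supplies.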

SharePoint 2007 - SQL Query to find a list of documents in site collection

I need to get a list of all documents in a site collection, which I believe I can do with either the alldocs table or the alluserdata table (MOSS 2007 SP1) but do not see how I can get the author information for the document. I do not need the contents of the document (e.g. AllDocStreams content)
Something like this:
SELECT tp_DirName, tp_LeafName, tp_Version, tp_Modified, tp_Created
FROM AllUserData
WHERE (tp_ContentType = 'Document')
AND (tp_LeafName NOT LIKE '%.css')
AND (tp_LeafName NOT LIKE '%.jpg')
AND (tp_LeafName NOT LIKE '%.png')
AND (tp_LeafName NOT LIKE '%.wmf')
AND (tp_LeafName NOT LIKE '%.gif')
AND (tp_DirName NOT LIKE '%Template%')
AND (tp_IsCurrentVersion = 1)
AND (tp_LeafName NOT LIKE '%.xsl')
ORDER BY tp_SiteId, tp_ListId, tp_DirName, tp_LeafName, tp_IsCurrentVersion DESC
Is there a better way to go about this?
People that claim that you cannot query SharePoint databases because it is not supported are wrong. From reading the documentation, it is fine to query the database as long as you use the 'With(NoLock)' clause. It is clearly not supported to update, delete, or insert records.
The below query is supported:
Select *
From your_content_database.dbo.AllDocs With (NoLock)
I will post a query that provides the desired result in a few minutes.
Why not use the SharePoint object model rather than using the raw database approach? I know that the object model approach does have a performance penalty compared to the database, but MS could change the db schema with the next patch. On the other hand the likelihood of MS breaking their own object model is far less, and as far as I know the recommended way is to use either the object model or the web services.
Don't ever query the SharePoint database directly. This is completely unsupported and can get you into trouble moving forward (for instance, if a service pack or hotfix modifies the schema, then your app is broken).
The below would return the top 100 largest documents that were added in the last 24 hours to the content database.
Select Top 100
W.FullUrl,
W.Title,
L.tp_Title as ListTitle,
A.tp_DirName,
A.tp_LeafName,
A.tp_id ,
DS.Content ,
DS.Size,
D.DocLibRowID,
D.TimeCreated,
D.Size,
D.MetaInfoTimeLastModified,
D.ExtensionForFile
From your_content_database.dbo.AllLists L With (NoLock)
join your_content_database.dbo.AllUserData A With (NoLock)
On L.tp_ID=tp_ListId
join your_content_database.dbo.AllDocs D With (NoLock)
On A.tp_ListID=D.ListID
And A.tp_SiteID=D.SiteID
And A.tp_DirName=D.DirName
And A.tp_LeafName=D.LeafName
join your_content_database.dbo.AllDocStreams DS With (NoLock)
On DS.SiteID=A.tp_SiteID
And DS.ParentID=D.ParentID
And DS.ID=D.ID
join your_content_database.dbo.Webs W With (NoLock)
On W.ID=D.WebID
And W.ID=L.Tp_WebID
And W.SiteID=A.tp_SiteID
Where DS.DeleteTransactionID=0x
And D.DeleteTransactionID=0x
And D.IsCurrentVersion=1
And A.tp_DeleteTransactionID=0x
And A.tp_IsCurrentVersion=1
And D.HasStream=1
And L.tp_DeleteTransactionId=0x
And ExtensionForFile not in('webpart','dwp','aspx','xsn','master','rules','xoml')
And D.MetaInfoTimeLastModified>DateAdd(d,-1,GetDate())
Order by DS.Size desc
I recommend that you have a look at the Camelot .NET Connector which allows you to query SharePoint 2007/2010 using standard SQL queries. It's an ADO.NET driver that can also be exposed through a simple WCF service and by that available through any programming language. Let's say one would like to select from "shared documents", you would write something like:
select * from `shared documents`
or with certain columns:
select id, title, filetype, filesize, created, createdby from `shared documents`
or with where statement:
select id, title, filetype, filesize, created, createdby from `shared documents` where filetype = '.gif'
Why don't you use a Content Query web part?
Why don't you use a search object to query the same? This would be my preferred solution. Search has most properties already and you can add more if you need them. Search is probably a lot quicker than querying content database(s).
Whether it is supported or not, it is still bad form to query the Content Database directly and any developer who would suggest this as a solution should get a lecture ;). For instance, what happens if an admin adds a second content database to your webapp? If your query goes across site collections it will not return the desired results until you provide for this in code.
MOSS provides many webservices out of the box which make life a little easier. They are always worth exploring.
For this particular instance, I think the article, Getting a list of files from a MOSS document library using a SharePoint web service, will be of assistance. If this isn't your exact scenario, it will get you on the right track.
If the Document service doesn't help you, the Search service will I'm sure. Check the documentation for usage.
You can get some of the information from the UserInfo table by joining AllUserData.tp_Author to UserInfo.tp_ID, but messing around in these tables is not recommended and can be very fragile, and also your queries are not guaranteed to work after applying any patches or service packs to SharePoint. I would use either webservices or the SharePoint object model to access the data.

Is there a way to parse a SQL query to pull out the column names and table names?

I have 150+ SQL queries in separate text files that I need to analyze (just the actual SQL code, not the data results) in order to identify all column names and table names used. Preferably with the number of times each column and table makes an appearance. Writing a brand new SQL parsing program is trickier than it seems, with nested SELECT statements and the like.
There has to be a program, or code out there that does this (or something close to this), but I have not found it.
I actually ended up using a tool called SQL Pretty Printer. You can purchase a desktop version, but I just used the free online application. Just copy the query into the text box, set the Output to "List DB Object" and click the Format SQL button.
It worked great using around 150 different (and complex) SQL queries.
How about using the Execution Plan report in MS SQLServer? You can save this to an xml file which can then be parsed.
You may want to look into something like this:
JSqlParser
which uses JavaCC to parse and return the query string as an object graph. I've never used it, so I can't vouch for its quality.
If your application needs to do it, and has access to a database that has the tables etc, you could run something like:
SELECT TOP 0 * FROM MY_TABLE
Using ADO.NET. This would give you a DataTable instance for which you could query the columns and their attributes.
Please go with ANTLR. Write a grammar and follow the steps given on the ANTLR site; eventually you will get an AST (abstract syntax tree) for the given query. We can traverse it and pull out all the tables and columns present in the query.
In DB2 you can append your query with something such as the following, but 1 is the minimum you can specify; it will throw an error if you try to specify 0:
FETCH FIRST 1 ROW ONLY