Is there a way (in MySQL) to get the pure SQL statement after parameters have been added? I'm having issues with one of my statements once I start using parameters, and I want to see what's being executed. Of course it has to do with dates.
Using MySQL .NET Connector. I have access to MySQL server, and I use SQLYog to administrate.
Thanks!
-Steve
You can use the query logs option to have all queries issued to the server logged.
See http://dev.mysql.com/doc/refman/5.1/en/server-logs.html for information about the log types and how to enable and configure them.
Related
Can we use SQL Server or MySQL syntax in Report Studio?
There is one MAJOR advantage in relying on built-in SQL generator, instead of using pass-through SQL option available for every query: when your back-end database changes, as along as you did not utilize database-specific features, your report will continue to execute without any changes. So YES, you can provide your own SQL, but there is no reason to.
I had a program using SQLconnector to connect to MS SQL 2012, I want know SQL query execution time. I am aware there is a SQL Server Profiler, but I can't configure it correctly to capture any query execution time. I am also aware that I can add timer within program but i can not change code easily.
All advice welcome. thanks
AFAIK SQLConnector is for MySQL, so I don't understand how you can work with SQLServer 2012.
If you need profiling in SQLServer - there is nothing better than SQL Server Profiler.
I can't configure it correctly to capture any query execution time
It must be easy:
Event Selecion - you need SQL:Stmt Completed (uncheck everything else). You need to select duration.
Column Filters - create filter by Login Name (make special login if you need it), TextData, Spid (if you can figure out how to obtain it)
This is not supported by default but you can do this using several techniques depending on what are your needs.
Do you need to capture every statement including SELECT? If yes then I suggest you still use SQL Server Profiler or SQL Server Traces
If you only need to capture DML statements (excluding SELECT) you can try setting up triggers on tables you want to audit.
There are also DDL triggers that can help you catch DDL statements (as far as I know there is no way to capture all DDL statements using DDL triggers).
So, there are many options here but it all depends on what are your needs.
In SQL Server 2008 R2, I would like to execute a statement that I want to be invisible to the SQL Profiler or other means of observing user queries. Is there a way to control what is displayed by SQL profiler?
I would like to execute something like:
SELECT 'MyPassword' INTO #passwordTable
I don't want to show 'MyPassword' through SQL Server Profiler or other means. Any ideas?
Essentially, no, you can't. You used to be able to do this by adding a comment like this into the batch or statement:
-- sp_password
But this no longer works. Why aren't you hashing your password?
Well, you have to be a server administrator to run the SQL Profiler, so even if you could prevent it from seeing the command, the user could just go grab the password table anyway. Ideally you would be storing hashes of the passwords rather than the passwords, making any viewing from the profiler useless.
If you really want to try and keep the profiler from seeing the statements, you could try a third party tool like this: http://www.dbdefence.com/support/dbdefence-documentation/
I have no idea if it works though, or how reputable that company is.
Denis, Aaron is correct, there is nothing like an "invisible statement", you can't tweak SQL Profiler to NOT show statements: once aboard, one can see all statements running in the DB.
You need to obfuscate this sensible data before submitting it to the DB. There are some obfuscated methods available (one-way hash, symmetric algoritms, home-made methods), you need to choose the more suitable method to your needs and implement it. Unfortunatelly, there is no free-lunch to your case...
I have seen a product called DBDefence.
It hides SQL statements from the profiler completely. I do not know how do they do it.
I use free version because I have small database.
In earlier versions of SQL Server it was possible to add a comment --sp_password
but not in SQL Server 2008 and above.
I don't see the point, really. If one is able to view a query with SQL profiler, surely he could access the database to view the actual data.
The key is to not store sensitive data (like passwords) in clear text.
Preventing people to use SQL profiler will come down to applying the proper security configuration on your SQL Server.
Is there a tool for windows that we can use to inspect any SQL commands that go through a particular ODBC data source?
You can make ODBC log out everything it's doing:
http://support.microsoft.com/kb/274551
http://msdn.microsoft.com/en-us/library/ms711020%28VS.85%29.aspx
You can also do it programmatically:
... One can do this by calling SQLSetConnectAttr and set the SQL_ATTR_TRACE attribute in the connection to SQL_OPT_TRACE_ON. So, by doing this you would be enabling/disabling it for the connection duration.
http://decipherinfosys.wordpress.com/2009/01/17/odbc-tracing/
If you're using SQL Server, look at the SQL Server Profiler. Profiler allows you to monitor/trace all communications between your application and the SQL Server, including which procedures are called, parameter values, etc, without having to modify your application.
If you're using a different server, you should be able to find a sql proxy that will do the same thing.
I run a site at localhost and I would like to see which queries are executed.
I've seen that some pages execute a lot of queries (eg 107) and I would like to see which are all these,as I think they're a lot..
(I know how many queries are executed, as the queries are executed through a function which also stores at a global value the number of queries)
Is it possible?
Thanks!
Modify the function that you use to execute queries, so that it will log them into a file or just output them at the bottom of the page for instance.
There is no tool or (built-in) function that would tell you what was executed on some specific request.
You can trace a mysql database as described at this link.
Turn on the MySQL general query log. Quite useful during development, it will show you literally everything that your server is doing.
As such, I wouldn't recommend enabling it on a production server (at least not for long).