I run a site at localhost and I would like to see which queries are executed.
I've seen that some pages execute a lot of queries (eg 107) and I would like to see which are all these,as I think they're a lot..
(I know how many queries are executed, as the queries are executed through a function which also stores at a global value the number of queries)
Is it possible?
Thanks!
Modify the function that you use to execute queries, so that it will log them into a file or just output them at the bottom of the page for instance.
There is no tool or (built-in) function that would tell you what was executed on some specific request.
You can trace a mysql database as described at this link.
Turn on the MySQL general query log. Quite useful during development, it will show you literally everything that your server is doing.
As such, I wouldn't recommend enabling it on a production server (at least not for long).
Related
I'm using SQL Server 2008 and need to see a list of what commands have been exectued and when. Is this possible? How can I read such log?
Duplicated question (I guess)
Looking for a SQL Transaction Log file viewer
You can use third party software to read transaction logs.
http://www.red-gate.com/products/dba/sql-log-rescue/
http://www.apexsql.com/sql_tools_log.aspx
http://www.toadworld.com/products/toad-for-sql-server/w/wiki/10586.log-reader.aspx
And if you want to audit truncate command try to audit all commands executed on your database.
http://www.databasejournal.com/features/mssql/article.php/3861791/Database-Level-Auditing-with-Microsoft-SQL-Server-2008.htm
There are some commercial products which will do this like Apex SQL Log and I think Red Gate might do one too, which give you a nice GUI to do all this but it is possible to do all this without them. That being said, if you only need to do this once then you might get away with juts downloading and using a trial version of one of these products.
This tutorial shows you how to get started extracting information from the log using T-SQL and an undocumented function called fn_dblog. However, the caveat here, as always with undocumented features, is that you should not rely on it in production code in case it disappears without warning, which it may. If you're just using it to investigate something and not using it on a scheduled basis or anything then you'll be fine.
There are quite a few other tutorials out there that use fn_dblog as well, so just have a look on your favourite search engine. It is worth readin up on this function before using it as the information it returns isn't all that straightforward.
In SQL Server 2008 R2, I would like to execute a statement that I want to be invisible to the SQL Profiler or other means of observing user queries. Is there a way to control what is displayed by SQL profiler?
I would like to execute something like:
SELECT 'MyPassword' INTO #passwordTable
I don't want to show 'MyPassword' through SQL Server Profiler or other means. Any ideas?
Essentially, no, you can't. You used to be able to do this by adding a comment like this into the batch or statement:
-- sp_password
But this no longer works. Why aren't you hashing your password?
Well, you have to be a server administrator to run the SQL Profiler, so even if you could prevent it from seeing the command, the user could just go grab the password table anyway. Ideally you would be storing hashes of the passwords rather than the passwords, making any viewing from the profiler useless.
If you really want to try and keep the profiler from seeing the statements, you could try a third party tool like this: http://www.dbdefence.com/support/dbdefence-documentation/
I have no idea if it works though, or how reputable that company is.
Denis, Aaron is correct, there is nothing like an "invisible statement", you can't tweak SQL Profiler to NOT show statements: once aboard, one can see all statements running in the DB.
You need to obfuscate this sensible data before submitting it to the DB. There are some obfuscated methods available (one-way hash, symmetric algoritms, home-made methods), you need to choose the more suitable method to your needs and implement it. Unfortunatelly, there is no free-lunch to your case...
I have seen a product called DBDefence.
It hides SQL statements from the profiler completely. I do not know how do they do it.
I use free version because I have small database.
In earlier versions of SQL Server it was possible to add a comment --sp_password
but not in SQL Server 2008 and above.
I don't see the point, really. If one is able to view a query with SQL profiler, surely he could access the database to view the actual data.
The key is to not store sensitive data (like passwords) in clear text.
Preventing people to use SQL profiler will come down to applying the proper security configuration on your SQL Server.
With respect to performance tuning, I would like to find out the number of DB calls each page is making. Also, the stored procedures and queries that is executed. I'm using Asp.net and SQL Server 2008. In some places we have directly written the query in C# insead of calling SP.
I tried using SQL Profiler. In that, under Event if I select SP, I'm able to trace the SP calls. But what about the queries that are direcly called in C#. How can I trace that.
Kindly let me know how this can be done or if there is a better tool to find this out.
Thanks in advance.
Use SQL Profiler to create a trace that logs these events:
RPC:Completed
SP:Completed
SP:StmtCompleted
SQL:BatchCompleted
SQL:StmtCompleted
See How Can I Log and Find the Most Expensive Queries?
When you open a new trace you can select the template TSQL Which will then include the event SQL:BatchStarting that will show you the queries as well
I took over someones job and need to find out from where certain tables are being read. Is there a way to do that? The more information I could get about the caller the better.
I am using MS SQL Server 2000.
If you want to see the full detail of all queries that are being run against the server, including the hostname and username of the client calling it, you'll want to run a trace.
You can use the SQL Profiler tool to run a short trace, but I prefer to run a "server-side" trace to a file, which I can examine later.
See the SQLServerPedia article here: http://sqlserverpedia.com/wiki/The_Server-side_Trace:_What,_Why,_and_How
You might also run a network sniffer process to watch the raw connections.
You could add a trigger to the table you want to be audited and insert relevant data into an audit table from there.
E.g. http://www.devx.com/dbzone/Article/7939/1954
If you can get on the server while your table is being accessed, look into the undocumented stored procedure sp_who2.
Is there a way (in MySQL) to get the pure SQL statement after parameters have been added? I'm having issues with one of my statements once I start using parameters, and I want to see what's being executed. Of course it has to do with dates.
Using MySQL .NET Connector. I have access to MySQL server, and I use SQLYog to administrate.
Thanks!
-Steve
You can use the query logs option to have all queries issued to the server logged.
See http://dev.mysql.com/doc/refman/5.1/en/server-logs.html for information about the log types and how to enable and configure them.