February 4, 2010 at 12:55 pm
Very good question. You can find some documentation supporting this behavior here:
http://msdn.microsoft.com/en-us/library/aa933206(SQL.80).aspx
Specifically:
If execute_statement is used with INSERT, each result set (my emphasis) must be compatible with the columns in the table or in column_list.
While not saying it outright, that implies that the result set of each statement executed is returned to be inserted.
February 5, 2010 at 1:06 am
honza.mf (2/3/2010)
Very nice question. Nice SQL inject with a side effect.I hope I will never use something like this one.
I agree with both sentiments!
It was a tricky question, made a little easier if you paste the command into a context-sensitive editor/Query tool
Kelsey Thornton
MBCS CITP
February 5, 2010 at 3:13 am
Good Question. Thanks...
But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?
February 5, 2010 at 3:46 am
I liked the question, even though I got it wrong.
I answered 10 because I misunderstood how the row_num was going to work. I have been working with row_num quite a lot recently where I group by to match duplicates, so i was thinking it was a trick question where each row would have a row_num of 1 because each object_id was different, therefore it wouldn't count up, and all records would then qualify in the later statement, but this wasn't the case. I did catch the rest of it though π
Paul
February 5, 2010 at 6:30 am
sqlusers (2/5/2010)
Good Question. Thanks...But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?
Did you mean something like that?
Assign NULL value:
select @Sql_str = null
or balnk / empty string:
select @Sql_str = ''
Regards,
Gennadiy
February 5, 2010 at 8:27 am
sqlusers (2/5/2010)
Good Question. Thanks...But, can you tell me how to delete the "@Sql_str" string value without restarting the sql services?
It's a temporary variable that gets automatically deleted when the client session ends.
Is that what you meant?
Kelsey Thornton
MBCS CITP
February 5, 2010 at 8:29 am
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)
After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.
As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)
Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?
Thanks in advance,
- Joseph Marsh
Thanks,
- Joseph Marsh
February 5, 2010 at 8:44 am
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.
As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)
Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?
Thanks in advance,
- Joseph Marsh
Some corrections:
3. 4 rows selected and save somewhere in SQL buffer as a result set
4. All records are deleted from temp table (second part of @sql_str)
5. 4 rows from result set generated on step 3 re-inserted (as a result of D-SQL batch execution)
To understand it better just imagine that D-SQL is executed as a Stored Procedure (or could be)
insert into <table>
exec <SP with 2 statements>
Regards,
Gennadiy
February 5, 2010 at 8:49 am
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.
As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)
Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?
Thanks in advance,
- Joseph Marsh
Joseph,
You are correct, but step 3 needs tweaking and last important step is missing. Here is what is happening:
1. Temp table is created
2. 10 records are inserted into the temp table
3. The dynamic sql is examined and then executed by the engine. Since the first part of the dynamic sql selects 4 records, those are placed on the heap (saved in memory) in order to be returned back when needed. They cannot be returned back as of yet because the dynamic sql has second part.
4. All records (10 to be exact) are deleted from the temp table.
5. insert into part now kicks in and what the engine sees at this point is to execute the following: insert into temp table select whatever was selected and saved on the heap from the executing dynamic sql, which happens to be select first 4 records from temp table. Thus, the 4 originally selected records are inserted back into the temp table after every row has just been deleted from it. 4 records inserted into empty table make the table now have 4 records.
Hope this helps.
This is why I mentioned in my earlier post that if you were to replace the delete from temp table (second portion of the dynamic sql) with something like select 99, 99 then results of the first select (4 records) will be inserted and the results of the second select (one record) will be inserted as well and the result will then be 15 records in the temp table. And if you were to replace the delete from temp table part with the select of a different shape (something like select 1) then nothing will be inserted because the second select will return data not compatible with expected shape (2 columns per record returned).
Oleg
Oleg
February 5, 2010 at 9:00 am
AH -- now I get it (thank you Oleg and Gennadiy). Here's the source of my confusion: I was thinking that this ...
insert into #funny_Test
exec(@Sql_str)
... resolved into this ...
insert into #funny_Test
select id, row_num from #funny_Test where row_num < 5
delete from #funny_Test
... which would INSERT the 4 records first, then delete all of the records in the table.
BUT, now I understand that while the SELECT statement does execute and return records, the INSERT statement doesn't get that data and insert it until after the DELETE statement executes.
Very Nice. This is my "New Thing I Learned Today". And it's not even noon yet (where I am)!
Thanks,
- Joseph Marsh
February 8, 2010 at 2:08 am
Oleg Netchaev (2/5/2010)
JosephDMarsh (2/5/2010)
I chose 4, but (as it turns out) I was guessing. (I thought I knew what was going on, chose an answer and clicked 'Submit' before actually studying the question -- yes, that's a problem I'm working on)After re-reading the explanation, as well as all of the posts in this thread, I'm not clear on what is happening exactly.
As a Rookie, this is what I *think* is happening:
1. Temp table is created
2. 10 records are created in temp table
3. 4 More records are added to temp table (first part of @sql_str)
4. All records are deleted from temp table (second part of @sql_str)
Obviously, that is not the case. I can't find anything in BOL to help figger this out. Any help?
Thanks in advance,
- Joseph Marsh
Joseph,
You are correct, but step 3 needs tweaking and last important step is missing. Here is what is happening:
1. Temp table is created
2. 10 records are inserted into the temp table
3. The dynamic sql is examined and then executed by the engine. Since the first part of the dynamic sql selects 4 records, those are placed on the heap (saved in memory) in order to be returned back when needed. They cannot be returned back as of yet because the dynamic sql has second part.
4. All records (10 to be exact) are deleted from the temp table.
5. insert into part now kicks in and what the engine sees at this point is to execute the following: insert into temp table select whatever was selected and saved on the heap from the executing dynamic sql, which happens to be select first 4 records from temp table. Thus, the 4 originally selected records are inserted back into the temp table after every row has just been deleted from it. 4 records inserted into empty table make the table now have 4 records.
Hope this helps.
This is why I mentioned in my earlier post that if you were to replace the delete from temp table (second portion of the dynamic sql) with something like select 99, 99 then results of the first select (4 records) will be inserted and the results of the second select (one record) will be inserted as well and the result will then be 15 records in the temp table. And if you were to replace the delete from temp table part with the select of a different shape (something like select 1) then nothing will be inserted because the second select will return data not compatible with expected shape (2 columns per record returned).
Oleg
Oleg
Good question, and an excellent explanation.
/HΓ₯kan Winther
MCITP:Database Developer 2008
MCTS: SQL Server 2008, Implementation and Maintenance
MCSE: Data Platform
February 16, 2010 at 12:42 pm
Best QOTD I've seen for a while. It forced me to think.
Tom
February 16, 2010 at 2:00 pm
Excellent QotD. Grey matter exercise, rather than spot the illegal statement π
March 3, 2010 at 11:32 am
Wow! The shocking thing to me is that I understood it and answered it right! Those T-SQL classes that I am teaching are starting to pay off π
Peter Trast
Microsoft Certified ...(insert many literal strings here)
Microsoft Design Architect with Alexander Open Systems
March 30, 2010 at 9:13 am
This question made my head hurt.
Paul White
SQLPerformance.com
SQLkiwi blog
@SQL_Kiwi
Viewing 15 posts - 31 through 45 (of 46 total)
You must be logged in to reply to this topic. Login to reply