Viewing 15 posts - 31 through 45 (of 49 total)
Its clear Yoda don't know and don't want to learn.
God may not be able to help Yada. You need to learn SQL.
December 2, 2004 at 1:13 pm
The logic used is:
getting parameters in csv and converting into table as you said in link. (this is basics now), then maching records based on csv generted table with data...
December 2, 2004 at 12:52 pm
I am trapping any error generated and not worried on that. The only worry is if there is no error and sql injection affect data.
I have the requirement for dynamic...
December 2, 2004 at 11:46 am
If you know then write answer.
Yoda can be killed with my skills.
December 2, 2004 at 11:00 am
OK see the actual situation like this
create PROCEDURE dbo.usp_GetContactValues
(
@JobIDs nvarchar(4000)
)
AS
SET NOCOUNT ON
DECLARE @sql nvarchar(4000)
SET @sql = 'SELECT JOB_id, job_desc
FROM JOBS WITH (NOLOCK)
...
December 2, 2004 at 10:48 am
I am just trying to see the possiblity of sql injection in the code. otherwise I may have to change all procs to use replace ' with ''.
I don't want...
December 2, 2004 at 10:12 am
Yeah you are right but in case of dynamic query, if there is something after the parameter like order by clause in the next line, sql injection will not affect. ...
December 2, 2004 at 10:10 am
Thanks Dave
My concern is whether option 1 is vulnerable to sql attack
December 2, 2004 at 8:21 am
I am looking for checking index when exists with sane defination. some thing in this line:
alter procedure usp_check_index_object
@Objname varchar(1000), @indexName varchar(8000), @decKeys varchar(4000), @decFillFactor int
as
declare @indid smallint,
-- @objname nvarchar(1000),...
November 22, 2004 at 10:32 am
When a record is inserted it fills the free space available on page. If no space then split the page and add record. Reindex on the other hand recreate the...
October 27, 2004 at 9:06 am
Run this in QA for the user database you want to operate. Replace <dbname> with your database name.
dbcc shrinkfile (2, notruncate)
dbcc shrinkfile (2, truncateonly)
create table t1 (char1 char(4000))
go
declare @i int
select...
October 20, 2004 at 3:31 pm
I am having similar problem.
Xp_Cmd is working on my local machine but doesn't work on servers in LAN. When I am running using dos promt, it is running. Actually I...
October 12, 2004 at 9:27 am
October 12, 2004 at 9:12 am
Definately worked for me. The logic is for truncating log , you need to have transaction. Try this.
dbcc shrinkfile (2, notruncate)
dbcc shrinkfile (2, truncateonly)
create table t1 (char1 char(4000))
go
declare @i int
select...
October 11, 2004 at 8:45 am
Viewing 15 posts - 31 through 45 (of 49 total)