Defensive Database Programming - Red Gate Software

More documents

Recommendations

Info

Chapter 1: Basic Defensive Database Programming Techniques@SubjectBeginning='Ne';SubjectBody------------------------------ -------------------Next release delayedStill fixing bugsNew printer arrivedBy the kitchen area-- must return nothingEXEC dbo.SelectMessagesBySubjectBeginning@SubjectBeginning='No Such Subject';SubjectBody------------------------------ -------------------Listing 1-2: A few simple tests against the provided test data demonstrate thatresults match expectations.Handling special characters in searchingIn defensive database programming, it is essential to construct cases of unintended usewith which to break our code. The test data in Listing 1-1 and the stored procedure callsin Listing 1-2 demonstrate the cases of intended use, and clearly the procedure works,when it is used as intended.However, have we considered all the possible cases? Will the procedure continue to workas expected in cases of unintended use? Can we find any hidden bugs in this procedure?In fact, it is embarrassingly easy to break this stored procedure, simply by adding a few"off-topic" messages to our table, as shown in Listing 1-3.INSERT INTO dbo.Messages( Subject ,Body)SELECT '[OT] Great vacation in Norway!' ,'Pictures already uploaded'UNION ALLSELECT '[OT] Great new camera' ,24
Chapter 1: Basic Defensive Database Programming Techniques'Used it on my vacation' ;GO-- must return two rowsEXEC dbo.SelectMessagesBySubjectBeginning@SubjectBeginning = '[OT]' ;SubjectBody------------------------------ -------------------Listing 1-3: Our procedure fails to return "off-topic" messages.Our procedure fails to return the expected messages. In fact, by loading one more message,as shown in Listing 1-4, we can demonstrate that this procedure can also returnincorrect data.INSERT INTO dbo.Messages( Subject ,Body)SELECT 'Ordered new water cooler' ,'Ordered new water cooler' ;EXEC dbo.SelectMessagesBySubjectBeginning@SubjectBeginning = '[OT]' ;SubjectBody------------------------------ -------------------Ordered new water cooler Ordered new water coolerListing 1-4: Our procedure returns the wrong messages when the search patterncontains [OT].When using the LIKE keyword, square brackets ("[" and "]"), are treated as wildcardcharacters, denoting a single character within a given range or set. As a result, while thesearch was intended to be one for off-topic posts, it in fact searched for "any messageswhose subject starts with O or T." Therefore Listing 1-3 returns no rows, since no suchmessages existed at that point, whereas Listing 1-4 "unexpectedly" returns the messagestarting with "O," rather than the off-topic messages.25
Page 5 and 6: Chapter 2: Code Vulnerabilities due
Page 7 and 8: Enforcing Data Integrity in the App
Page 9 and 10: About the AuthorAlex Kuznetsov has
Page 11 and 12: IntroductionResilient T-SQL code is
Page 13 and 14: IntroductionCh. 02: Code Vulnerabil
Page 15 and 16: IntroductionSpecific examples demon
Page 17: IntroductionWhat this book does not
Page 21 and 22: Chapter 1: Basic Defensive Database
Page 57 and 58: Chapter 2: Code Vulnerabilitiesdue
Page 73 and 74:
Chapter 2: Code Vulnerabilities due
Page 75:
Chapter 2: Code Vulnerabilities due
Page 78 and 79:
Chapter 3: Surviving Changes to Dat
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
104
Page 106:
Chapter 4: When Upgrading Breaks Co
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 130 and 131:
Page 132 and 133:
Chapter 5: Reusing T-SQL CodeThe Da
Page 134 and 135:
Chapter 5: Reusing T-SQL CodeIt is
Page 136 and 137:
Chapter 5: Reusing T-SQL CodeAverag
Page 138 and 139:
Chapter 5: Reusing T-SQL CodeBEGINS
Page 140 and 141:
Chapter 5: Reusing T-SQL CodeWe als
Page 142 and 143:
Chapter 5: Reusing T-SQL CodeLet's
Page 144 and 145:
Chapter 5: Reusing T-SQL CodeStateC
Page 146 and 147:
Chapter 5: Reusing T-SQL CodeStateC
Page 148 and 149:
Chapter 5: Reusing T-SQL CodeBEGIN
Page 150 and 151:
Chapter 5: Reusing T-SQL CodeSELECT
Page 152 and 153:
Chapter 5: Reusing T-SQL CodeReusin
Page 154 and 155:
Chapter 5: Reusing T-SQL CodeIt is
Page 156 and 157:
Chapter 5: Reusing T-SQL CodeINSERT
Page 158 and 159:
Chapter 5: Reusing T-SQL CodeListin
Page 160 and 161:
Chapter 5: Reusing T-SQL CodeUnique
Page 162 and 163:
162
Page 164 and 165:
Chapter 6: Common Problems with Dat
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Chapter 7: Advanced Use ofConstrain
Page 211 and 212:
Chapter 7: Advanced Use of Constrai
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Chapter 8: Defensive ErrorHandlingT
Page 257 and 258:
Chapter 8: Defensive Error Handling
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
show all

Defensive Database Programming - Red Gate Software

Create successful ePaper yourself

Delete template?

Save as template?