Defensive Database Programming - Red Gate Software

More documents

Recommendations

Info

Chapter 2: Code Vulnerabilities due to SQL Server Misconceptions-- they are skipped to keep the example shortSenderID INT NOT NULL ,ReceiverID INT NOT NULL ,MessageDateAsVarcharColumn VARCHAR(30) NULL ,SomeMoreData CHAR(200) NULL) ;GOINSERT INTO dbo.Messages( MessageID ,SenderID ,ReceiverID ,MessageDateAsVarcharColumn ,SomeMoreData)SELECT n ,n % 1000 ,n / 1000 ,'Wrong Date' ,'SomeMoreData'FROM dbo.Numbers ;GO-- after the insert all the messages have wrong datesUPDATE dbo.MessagesSET MessageDateAsVarcharColumn = '20090707'WHERE SenderID = 123AND ReceiverID = 456 ;-- after the update exactly one message has a valid dateListing 2-2: Creating the helper Numbers table and Messages table.Given that almost all the rows in this table have invalid DATETIME values, attempting toconvert such invalid values to DATETIME leads to conversion errors, such as shown inListing 2-3.60
Chapter 2: Code Vulnerabilities due to SQL Server MisconceptionsSELECT MessageID ,SenderID ,ReceiverID ,MessageDateAsVarcharColumn ,SomeMoreDataFROM dbo.MessagesWHERE CAST(MessageDateAsVarcharColumn AS DATETIME) ='20090707';-- your actual error message may be different-- depending on the version of SQL ServerMsg 241, Level 16, State 1, Line 1Conversion failed when converting datetime from characterstring.Listing 2-3: A simple query against the Messages table fails with a conversion error.Clearly, we need to filter out invalid values before converting to DATETIME. The naïvequery shown in Listing 2-4 may or may not work on your server.SELECT MessageID ,SenderID ,ReceiverID ,MessageDateAsVarcharColumn ,SomeMoreDataFROM dbo.MessagesWHERE ISDATE(MessageDateAsVarcharColumn) = 1AND CAST(MessageDateAsVarcharColumn AS DATETIME)= '20090707' ;Listing 2-4: An unsafe way to filter out invalid DATETIME values.There is no way to predict whether or not this query will work for you; the databaseengine will evaluate the WHERE conditions in any order it wishes. In fact, if it does workfor you, you are unlucky. If it is going to break, as it inevitably will, it is best to knowimmediately rather than find out later, at some inconvenient moment.61
Page 5 and 6:
Chapter 2: Code Vulnerabilities due
Page 7 and 8:
Enforcing Data Integrity in the App
Page 9 and 10: About the AuthorAlex Kuznetsov has
Page 11 and 12: IntroductionResilient T-SQL code is
Page 13 and 14: IntroductionCh. 02: Code Vulnerabil
Page 15 and 16: IntroductionSpecific examples demon
Page 17: IntroductionWhat this book does not
Page 21 and 22: Chapter 1: Basic Defensive Database
Page 57 and 58: Chapter 2: Code Vulnerabilitiesdue
Page 59: Chapter 2: Code Vulnerabilities due
Page 63 and 64: Chapter 2: Code Vulnerabilities due
Page 75: Chapter 2: Code Vulnerabilities due
Page 78 and 79: Chapter 3: Surviving Changes to Dat
Page 104 and 105: 104
Page 106: Chapter 4: When Upgrading Breaks Co
Page 109 and 110: Chapter 4: When Upgrading Breaks Co
Page 111 and 112:
Chapter 4: When Upgrading Breaks Co
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 130 and 131:
Page 132 and 133:
Chapter 5: Reusing T-SQL CodeThe Da
Page 134 and 135:
Chapter 5: Reusing T-SQL CodeIt is
Page 136 and 137:
Chapter 5: Reusing T-SQL CodeAverag
Page 138 and 139:
Chapter 5: Reusing T-SQL CodeBEGINS
Page 140 and 141:
Chapter 5: Reusing T-SQL CodeWe als
Page 142 and 143:
Chapter 5: Reusing T-SQL CodeLet's
Page 144 and 145:
Chapter 5: Reusing T-SQL CodeStateC
Page 146 and 147:
Chapter 5: Reusing T-SQL CodeStateC
Page 148 and 149:
Chapter 5: Reusing T-SQL CodeBEGIN
Page 150 and 151:
Chapter 5: Reusing T-SQL CodeSELECT
Page 152 and 153:
Chapter 5: Reusing T-SQL CodeReusin
Page 154 and 155:
Chapter 5: Reusing T-SQL CodeIt is
Page 156 and 157:
Chapter 5: Reusing T-SQL CodeINSERT
Page 158 and 159:
Chapter 5: Reusing T-SQL CodeListin
Page 160 and 161:
Chapter 5: Reusing T-SQL CodeUnique
Page 162 and 163:
162
Page 164 and 165:
Chapter 6: Common Problems with Dat
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Chapter 7: Advanced Use ofConstrain
Page 211 and 212:
Chapter 7: Advanced Use of Constrai
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Chapter 8: Defensive ErrorHandlingT
Page 257 and 258:
Chapter 8: Defensive Error Handling
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
show all

Defensive Database Programming - Red Gate Software

Create successful ePaper yourself

Delete template?

Save as template?