Any idea why the two hashing functions in SQL Server and Oracle yield different results when hashing the non-breaking space character?
Oracle select standard_hash('a ', 'MD5') from dual; results in 25EF28EB5A5BE667C6222418E9E27E8E and doesn't match SQL select HASHBYTES ('MD5','a '); results in CE8F03020C81133B3A082F8051EB9FF6. Note the space after the input 'a' is a non-breaking space character.
Is there any good source that can lay out the differences?
This appears to be a character set or "collation" issue, where Oracle is in UTF-8 and SQL Server is in Latin 1252. My solution was to CONVERT the value to Windows Latin-1252 in Oracle before calculating the hash: select STANDARD_HASH(CONVERT('a ','WE8MSWIN1252'), 'MD5') from dual.
To find my collation/character set I did SELECT collation_name FROM sys.databases WHERE name = 'MY_DB_NAME'; in SQL Server and select * from nls_database_parameters where parameter='NLS_CHARACTERSET'; in Oracle.
First of all you need to establish which one is actually yielding "different" results:
Using your favourite search engine to find online hash generators and testing results.
External Resources
https://passwordsgenerator.net/md5-hash-generator/ - 99020CB24BD13238D907C65CC2B57C03
https://www.md5hashgenerator.com/ - 99020cb24bd13238d907c65cc2b57c03
https://www.miraclesalad.com/webtools/md5.php - 99020cb24bd13238d907c65cc2b57c03
SQL Server
select HASHBYTES ('MD5', 'a ')
SQL Server 2014 SP3 (12.0.6024.0) - 0x99020CB24BD13238D907C65CC2B57C03
SQL Server 2019 (15.0.2080.9) - 0x99020CB24BD13238D907C65CC2B57C03
Oracle (using https://dbfiddle.uk/)
select standard_hash('a ', 'MD5') from dual;
Oracle 21c - 0x99020CB24BD13238D907C65CC2B57C03
Oracle 18c - 0x99020CB24BD13238D907C65CC2B57C03
Oracle 11gR2 - "ORA-00904: "STANDARD_HASH": invalid identifier"
Conclusion
You can see that your Oracle produced answer differs even from other Oracle answers. What version of Oracle are you running? What other options are set, such as collation etc.?
Related
Oracle version 12.1.0.2
max_string_size=extended
I am using sql server ODBC to connect to sql server database via Oracle gateway to sql server, the connection is working fine and i am able to access sql server tables.
However, as per Oracle documentation starting 12c and with extended limit on varchar2 data type the conversion of sqlserver varchar(max) to oracle Long will only happen if the length of sql server data is more than 32k.
My sql server table has few columns defined as varchar(max) in and all of those i see getting converted to LONG when i try to describe the table over dblink.
I need to load the data from sql server to oracle and the above problem is making it very difficult as more than one long columns can not be copied over dblink.
Any help will be deeply appreciated.
I created a view on the SQL server side that uses substr(column,1,4000) to fit within the old Oracle max 4000 character length. This worked quite well with Oracle 11.
I am in the process of migrating to a new Oracle 18 instance that uses character set AL32UTF8 instead of WE8MSWIN1252. The exact same SQL is now getting:
ORA-28500: connection from ORACLE to a non-Oracle system returned this message:
[Microsoft][ODBC Driver Manager] Program type out of range {HY003}
ORA-02063: preceding 2 lines from CEAV195
Fortunately I don't have a tight deadline for working this out.
Comment: I am now getting
[Error] Execution (8: 17): ORA-00997: illegal use of LONG datatype
despite using the following in the view on the SQL Server side:
cast(substring(cr.response,1,2000) as varchar(2000)) response
As I said earlier, this worked perfectly fine with Oracle 11 and the WE8MSWIN1252 character set.
I hit the same issue and found this solution elsewhere
set serverout on
DECLARE
l_cursor BINARY_INTEGER;
l_id VARCHAR2(60);
l_temp VARCHAR2(250);
l_notes VARCHAR2(32767);
BEGIN
l_cursor := DBMS_HS_PASSTHROUGH.open_cursor#remotedb;
DBMS_HS_PASSTHROUGH.parse#remotedb(
l_cursor,
'select "RecId","Notes" from "MySqlServerTable"'
);
LOOP
DBMS_HS_PASSTHROUGH.get_value#remotedb(l_cursor, 1, l_id);
DBMS_HS_PASSTHROUGH.get_value#remotedb(l_cursor, 2, l_notes);
DBMS_OUTPUT.put_line(l_id || ' ' || l_notes);
END LOOP;
exception
when others then
DBMS_HS_PASSTHROUGH.close_cursor#remotedb(l_cursor);
raise;
END;
/
I'm writing a little script to extract the password hashes of SQL Logins on 2008 and 2012 instances. Part of my code looks like this...
SELECT CONVERT (VARCHAR(514), (SELECT CAST (LOGINPROPERTY('sa', 'PasswordHash') AS varbinary(256))), 2)
When I run this in a 2012 instance, it all works fine. But when run on a 2008 instance I get a blank result. I've checked that the SQL login is valid and has a password on the 2008. The online documentation tells me that all the functions are valid between both versions.
What is the difference between the versions?
Regards,
JC
Hash algorythms used:
SQL Server 2012 and above use SHA2-512 (512 bytes hash)
SQL Server 2000 to 2008 R2 use SHA1 (160 bytes hash)
You can also uses this query and DMV:
Select password_hash, * From sys.sql_logins Where name in ('sa')
It gives the same hash that this query:
Select CONVERT (varchar(512), (LOGINPROPERTY('sa', 'PasswordHash') ), 2)
Use this one if you want a varchar starting with 0x
Select CONVERT (varchar(514), (LOGINPROPERTY('sa', 'PasswordHash') ), 1)
I'm working on an application which queries live data on SQL Server. The user enters a name within '% %' marks to search. Ie. if the user was to search for the owner of a property such as Noble, they would enter %noble%.
We recently upgraded both the application and the SQL Server that stores the data from SQL Server 2005 to SQL Server 2012.
The existing query and the new query are identical:
SELECT aurtvalm.pcl_num
FROM aurtvalm
INNER JOIN rtpostal ON aurtvalm.ass_num = rtpostal.ass_num
WHERE rtpostal.fmt_nm2 LIKE ?
In the old version, the above query produces 16 results. The exact same query in 2012 version produces an error:
Incorrect Syntax near '?'
Has the use of the ? symbol changed since SQL Server 2005?
That because you have incorrect syntax. You have to use parameter instead of question mark. Something like:
SELECT aurtvalm.pcl_num
FROM aurtvalm
INNER JOIN rtpostal ON aurtvalm.ass_num = rtpostal.ass_num
WHERE rtpostal.fmt_nm2 like #param
I've been using Narayana Vyas Kondreddi's excellent stored procedure sp_generate_inserts http://vyaskn.tripod.com/code/generate_inserts.txt in a SQL Server 2005 database.
But after moving to SQL Server 2008 I get weird results where a long whitespace is inserted after UNIQUEIDENTIFIER values:
INSERT INTO [BannerGroups]([Id], [DescriptionText], [Width], [Height])
VALUES('BFCD0173-9432-47D1-84DF-8AB3FB40BF76 ', 'Example', 145, NULL)
Anyone know how to fix this?
Appears to be this section, just over half way down:
WHEN #Data_Type IN ('uniqueidentifier')
THEN
'COALESCE('''''''' + REPLACE(CONVERT(char(255),RTRIM(' + #Column_Name + ')),'''''''','''''''''''')+'''''''',''NULL'')'
See it's converting to a CHAR(255) which means the value is being padded out to 255 characters. Change that to VARCHAR instead and it should be fine as that will not pad the values out with spaces.
Since SQL Server 2008 we can generate the INSERT scripts via Generate Script utility itself.
For more detailed answer check out - What is the best way to auto-generate INSERT statements for a SQL Server table?
I need a safe (i.e consistent, robust) way of detecting whether or not the sql server I'm accessing is Sql Express. I think I'd prefer to be able to do this from TSQL, since I already have a connection string and all the libraries I need to execute TSQL (this should help avoid issues with whether or not WMI is installed/running, the user has permissions to access the registry etc).
Does anyone know of a way to do this ?
Thanks.
PS: Basically I want to do this so I can monitor my database size against the 4gb limit and take action when I approach it... but if I'm running on a full Sql Server edition then I don't want the code to worry about it since there is no (practical) hard coded limit. I could put in a manual setting in my program, but it would be much nicer if the code just did the right thing automatically, hence the need to know if the server is the 'Express' edition or not.
Use
SELECT SERVERPROPERTY('EditionID')
or
SELECT SERVERPROPERTY('Edition')
to detect which version of SQLServer is running.
http://msdn.microsoft.com/en-us/library/ms174396.aspx
This will return 0 if it's not, and something non-zero (126 here) if it is:
select charindex('Express Edition',##version)
Example in a boolean context:
if (select charindex('Express Edition',##version)) > 0
begin
print 'Express edition!'
end
else
begin
print 'Not Express edition!'
end
The SERVERPROPERTY function was already mentioned in multiple other answers, but there's a better solution than checking if a string contains "Express Edition": the EngineEdition argument, which returns an int value.
Quote from the link:
EngineEdition
Database Engine edition of the instance of SQL Server installed on the
server.
1 = Personal or Desktop Engine (Not available in SQL Server 2005 and
later versions.)
2 = Standard (This is returned for Standard, Web, and Business
Intelligence.)
3 = Enterprise (This is returned for Evaluation, Developer, and both
Enterprise editions.)
4 = Express (This is returned for Express, Express with Tools and
Express with Advanced Services)
5 = SQL Database
6 - SQL Data Warehouse
Base data type: int
So you can check for Express Edition like this:
if SERVERPROPERTY('EngineEdition') = 4
begin
select 'Express'
end
else
begin
select 'not Express'
end
There are a number of ways:
EXEC sp_server_info 2
Or
SELECT ##version
Or
SELECT serverproperty('ProductVersion')
You Can Also do this:
DECLARE #ver nvarchar(128)
SET #ver = CAST(serverproperty('ProductVersion') AS nvarchar)
SET #ver = SUBSTRING(#ver, 1, CHARINDEX('.', #ver) - 1)
IF ( #ver = '8' )
SELECT 'SQL Server 2000'
ELSE IF ( #ver = '9' )
SELECT 'SQL Server 2005'
ELSE
SELECT 'Unsupported SQL Server Version'
More info at: http://blog.devstone.com/aaron/default,date,2006-12-15.aspx
You can use SERVERPROPERTY('Edition') which will return "Express Edition"
What happens in SQL Server Express if you don't monitor the size, but get to the limit? Are there warnings first? Events in the event log?
If so, then you might do better to allow SQL Server to issue the warnings, and then just listen to them. The same might well apply for a SQL Server Enterprise installation if a disk gets full.