I have a requirement to script all database objects with a specific string in object's Name, Could not find any code snippet to script database objects with search function.
SSMS does not allow for search.
Click on the database name, then select Task, then select Generate Scipts, then Next, select that you want all object scripts or select the objects that you want, then decide where do you want to get the results (in the Advanced tab you can select that you want to have an all data from the database), then Next and Next.
You will have an option to select the object name that you want to have.
Edit: of course if you want to have a dynamic option for solve your problems it's possible, but more complex.
You can get all of your objects with this query:
SELECT *
FROM [Your database name].sys.all_objects
Of course if you want to have just the objects with specific name you can add a "where" statement to get what you need
Than you should write a scripts to get a definitione of each object type. For example in the case of stored procedurÄ™ it's quite simple:
sp_helptext [your_stored_procedure_text]
If you want to get the create table script you will need more complex query, but you can find tchem in the net.
Hope this is helpful for you
Related
I'm new to SQL queries and need to build a custom report in Microsoft SQL Report Builder 3.0. The data source is a SCCM database. I need help with understanding the best approach to achieve the following:
We need to cross reference if a computer exist in two Views, if so show that name in the report.
InputParameter1 = "Please select a View"
InputParameter2 = "Cross reference with this other View"
If I know the names of the Views beforehand I have a query to get what I need from the SQL server, but I need to create a parameter-based report where you select two Views dynamically and the report cross reference them for you and present which computers exists in both Views.
This is the query I can use for a static result. v_CM_RES_COLL_CMS0020B and v_CM_RES_COLL_CMS000D1 are examples of names of possible Views, until I can solve the parameter issue in Report Builder:
SELECT v_GS_SYSTEM.Name0
FROM v_GS_SYSTEM
WHERE Name0 IN
(SELECT Name from v_CM_RES_COLL_CMS0020B)
AND Name0 IN
(SELECT Name from v_CM_RES_COLL_CMS000D1)
I don't know how to proceed in how to make the above query into a parameter report in Report Builder. Somehow I need to change v_M_RES_COL_CMS00### to what ever the user inputs to the parameters. Does anyone know how? Any help is greatly appreciated.
I have the following stored procedure in an SQL Server database...
create procedure SupportTicketsFullTextSearch
#SearchText varchar(1000)
as
begin
select ID, k.rank
from SupportTicketsSummaries st
inner join freetexttable(SupportTicketsSummaries, (ShortSummary, Description), #SearchText) as k on st.ID=k.[key]
order by rank desc
end
I want to use this from Entity Framework, but when I try to add a function import, if I click the button to get the column information, I get the message "The selected stored procedure or function returns no columns"
I've done some searching, and seen a lot of people with the same problem, but they all seem to be using dynamic queries or temporary tables. My query doesn't use either (as far as I am aware anyway), and I can't find any advice that helps.
I tried adding...
SET FMTONLY OFF
...at the beginning of the SP, but it didn't help.
Anyone any ideas how I can import this SP as a function?
Never found out why the import wizard couldn't see the schema, but it turned out to be really easy to fix.
All you need to do is open the model browser, right-click on the Complex Types node, and add a new complex type that has properties that match the columns returned by your stored procedure. Make sure the names match exactly.
Then start the function import wizard, choose complex type, and pick the one you just created from the drop-down list.
Hope this helps someone.
I'm working with a new REST backend talking to a SQL Server. Our REST api allows for the caller to pass in the columns/fields they want returned (?fields=id,name,phone).
The idea seems very normal. The issue I'm bumping up against is resistance to dynamically generating the SQL statement. Any arguments passed in would be passed to the database using a parameterized query, so I'm not concerned about SQL injection.
The basic idea would be to "inject" the column-names passed in, into a SQL that looks like:
SELECT <column-names>
FROM myTable
ORDER BY <column-name-to-sort-by>
LIMIT 1000
We sanitize all column names and verify their existence in the table, to prevent SQL injection issues. Most of our programmers are used to having all SQL in static files, and loading them from disk and passing them on to the database. The idea of code creating SQL makes them very nervous.
I guess I'm curious if others actually do this? If so, how do you do this? If not, how do you manage "dynamic columns and dynamic sort-by" requests passed in?
I think a lot of people do it especially when it comes to reporting features. There are actually two things one should do to stay on the safe side:
Parameterize all WHERE clause values
Use user input values to pick correct column/table names, don't use the user values in the sql statement at all
To elaborate on item #2, I would have a dictionary where Key is a possible user input and Value is a correponding column/table name. You can store this dictionary wherever you want: config file, database, hard code, etc. So when you process user input you just check a dictionary if the Key exists and if it does you use the Value to add a column name to your query. This way you just use user input to pick required column names but don't use the actual values in your sql statement. Besides, you might not want to expose all columns. With a predefined dictionary you can easily control the list of available columns for a user.
Hope it helps!
I've done similar to what Maksym suggests. In my case, keys were pulled directly from the database system tables (after scrubbing the user request a bit for syntactic hacks and permissions).
The following query takes care of some minor injection issues through the natural way SQL handles the LIKE condition. This doesn't go as far as handling permissions on each field (as some fields are forbidden based on the log-in) but it provides a very basic way to retrieve these fields dynamically.
CREATE PROC get_allowed_column_names
#input VARCHAR(MAX)
AS BEGIN
SELECT
columns.name AS allowed_column_name
FROM
syscolumns AS columns,
sysobjects AS tables
WHERE
columns.id = tables.id AND
tables.name = 'Categories' AND
#input LIKE '%' + columns.name + '%'
END
GO
-- The following only returns "Picture"
EXEC get_allowed_column_names 'Category_,Cat%,Picture'
GO
-- The following returns both "CategoryID and Picture"
EXEC get_allowed_column_names 'CategoryID, Picture'
GO
I have searched Google and this site for about 2 hours trying to gather how to do this and no luck on a way that fits/ I understand. As the title says, I need to export table data to an XML file. I have an Azure SQL database with table data.
Table name: District
Table Columns: Id, name, organizationType, address, etc.
I need to take this data and create a XML file that I can save so that it can be given to others.
I have tried using:
SELECT *
FROM dbo.District
FOR XML PATH('districtEntry'), ROOT('leaID')
It gives me the data in XML format, but I don't see a way to save it.
Also, there are some functions I need to be able to perform with the data:
Program should have these options:
1) Export all data.
2) Export all rows created or updated since a specified date.
Files should be named in format ENTITY.DATE.XML, as in
DISTRICT.20150521.XML (use date in YYYYMMDD format).
This leads me to believe I need to write code other than SQL since a requirement would be to query the table for certain data elements as well.
I was wondering if I would need to download any Database Server Data Tools, write code, and if so, in what language, etc. The XML file creation would need to be automated I believe after every update of the table or after a query.
I am very confused and in need of guidance as I now have almost given up hope. Please let me know if I need to clarify anything. Thank you.
P.S. I would have given pictures but I do not have enough reputation to supply them.
I would imagine you're looking to write a program in VB.NET or C#, using ADO.NET in either case. Here's an MSDN article with a complete sample of how to connect to and query SQL Azure:
https://msdn.microsoft.com/en-us/library/azure/ee336243.aspx
The example shows how to write the output to the Console, but you could also write the output similarly using something like a StreamWriter to write it to a file.
You could also create a sqlcmd script to do this, following the guidelines here to connect using sqlcmd:
https://msdn.microsoft.com/en-us/library/azure/ee336280.aspx
Alternatively, if this is a process that does not need to be automated or repeated frequently, you could do it using SSMS:
http://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-azure-ssms/
Running your query through SSMS would produce an XML document, which could be saved using File->Save As
Currently I am designing a database schema where one table will contains details about all students of a university.
I am thinking the way how can I create the search engine query for administrators where they will search for students. (Some properties are Age, Location, Name, Surname etc etc) (approx 20 properties - 1 table)
My idea is to create the sql query dynamically from the code side. Is it the best way or is there any other better ways?
Shall I use a stored procedure?
Is there any other ways?
feel free to share
I am going to assume you have a front end that collects user input, executes a query and returns a result. I would say you HAVE to create the query dynamically from the code side. At the very least you will need to pass in variables that the user selected to query by. I would probably create a method that takes in the key/value search data and use that to execute the query. Because it will only be one table there would probably be no need for a view or stored procedure. I think a simple select statement including your search criteria will work fine.
I would suggest you to use LINQ to SQL and this will allow you to write such queries just in C# code without any SQL procedures. LINQ to SQL will care about security and prevent SQL injections
p.s.
Do not ever compose SQL from concatenated strings like SQL = "select * from table where " + "param1=" + param1 ... :)