How to use Regex in a tsql query - sql-server

I have a column called link, which can hold different types of link. I'd like to retrieve only those that have a URL, i.e. www.google.com, so that I can apply something.
SELECT *
FROM UserAlert
WHERE Link = ...// check whether it's a url
Thanks for helping

This is almost 100% likely to be a job better suited to the front-end application, not the database. It will require code execution on the server.
Here is a thread here on StackOverflow about url detection regexes, from which you can select any of a number of reasonably good expressions: What is the best regular expression to check if a string is a valid URL?
To use regexes in MSSQL, you need to first use MSSQL 2005 or later. Assuming that is the case... you have to wrap regex functionality in a custom CLR object, enable CLR interaction on your whole database, and then you can use that custom CLR object in your WHERE clause.
Here is a detailed article about doing exactly that with examples and step-by-step instructions.
I hope you're REALLY SURE that you want code execution to be part of your database. Good luck!

Related

What does the function fn:data() do in exist-db?

I would like to know what the fn:data() function does in exist-db. I can't find the answer anywhere on the web.
It seems you have found one documentation of the data function, however, that is part of the MS SQL Server XQuery support.
In general, the W3C XQuery/XPath/XSLT functions are specified in https://www.w3.org/TR/xpath-functions/, so the data function in https://www.w3.org/TR/xpath-functions/#func-data.
Or use the eXist-db documentation if you want an eXist-db specific documentation, searchable at http://www.exist-db.org/exist/apps/fundocs/index.html: for the data function http://www.exist-db.org/exist/apps/fundocs/view.html?uri=http://www.w3.org/2005/xpath-functions&location=java:org.exist.xquery.functions.fn.FnModule&details=true#data.1
For the data function it might not matter but in general the "XQuery" support in non-XML databases like MS SQL is often not complete and/or not based on the current/latest spec so I would start with the W3C specification and then look at vendor specific documentation for the XQuery implementation in use instead of using third party documentation.
I just found the answer to my own question. If anyone else is wondering about this, you can find more here: https://learn.microsoft.com/en-us/sql/xquery/data-accessor-functions-data-xquery?view=sql-server-ver15

DB Comparison tool that I can schedule

I'm after a DB Comparison tool for SQL Server that allows me to do the following:
Schedule a comparison to happen on a recurring schedule
Email me the results (in a nice readable format and not the generated script)
Allow me to exclude/include certain object names (for example exclude table names containing %test%. That's not a real example but there is a good reason why that would come in useful.)
As well as the obvious:
Have the usual options for ignoring things like comments, identity seeds etc
Options for selecting different types of objects
If it was free or at least didn't cost a fortune that would be an extra bonus of course.
I have tried out RedGate's SQL Compare and also the built-in DB Comparison in Visual Studio but neither seem able to do the first 3 points above. I also looked at other tools recommended in various threads on here but again they don't mention in their features the 3 points above.
One option I found is RedGate's SQL Comparison SDK with which I think I could write something to do what I want.
I just wanted to investigate tools that might do all of the above out of the box.
Thank you!
SQL Compare Pro comes with a command line, which will be easier to set up than the SDK. If you call this via the Windows Scheduler or in an Agent Job you can achieve what you're looking for.
An example of how to invoke the command line from PowerShell can be found here:
http://www.simple-talk.com/sql/database-administration/auditing-ddl-changes-in-sql-server-databases/
This article also covers how to send an email in Powershell. SQL Compare can also be passed a filter using the /filter switch to exclude objects based on various rules.
http://www.red-gate.com/supportcenter/Content/SQL_Compare/help/10.0/sc_cl_Switches_in_the_cl
Do please email support#red-gate.com should you have trouble getting this working.
I don't think any tool would do all of this out of the box. Have you had a chance to look at sp_CompareDB? I had a similar requirement and ended up writing my own routine based on the same.
http://www.sql-server-performance.com/2001/database-comparison-sp/

SSIS - creating a custom connection manager

Anyone aware of guidance on creating a custom SSIS connection manager? I want to abstract the complexities of a source system for the folks that need to extract data out of it using SSIS.
The MSDN tutorial is probably not a bad place to start. I haven't tried using their examples to implement a custom connection manager, but I was able to follow their documentation on custom data flow components to create a few of those without too much fuss in the past, so hopefully the connection manager examples are on the same level. I also found this example, which is probably a little more extensive code-wise since it was actually developed for use.
Keep in mind (as they mention on the MSDN page) that custom connection managers don't always play nice with the built-in components, so you often have to create custom data source components as well. Information about developing those seems to be more common at least, probably because actually parsing the source data tends to be a more varied task than setting up the connection.
Is it a one-off package, or intended to be reusable? If the latter, you could simply use a script as a source component (per this example). If it needs limited re-use, copy/paste may be good enough; if not then perhaps a custom component (example here) would do the trick.

SQL injection attempt on my server

I know a little about SQL injections and URL decode, but can someone who's more of an expert than me on this matter take a look at the following string and tell me what exactly it's trying to do?
Some kid from Beijing a couple weeks ago tried a number of injections like the one below.
%27%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20%27%27=%27
It's making a guess about the sort of SQL statement that the form data is being substituted into, and assuming that it will be poorly sanitised at some step along the road. Consider a program talking to an SQL server (Cish code purely for example):
fprintf(sql_connection, "SELECT foo,bar FROM users WHERE user='%s';", username); /* username comes straight from the form data */
However, with the above string, the SQL server sees:
SELECT foo,bar FROM users WHERE user='' and char(124)+user+char(124)=0 and ''='';
Whoops! That wasn't what you intended. What happens next depends on the database back-end and whether or not you've got verbose error reporting turned on.
It's quite common for lazy web developers to enable verbose error reporting unconditionally for all clients and to not turn it off. (Moral: only enable detailed error reporting for a very tight trusted network, if at all.) Such an error report typically contains some useful information about the structure of the database which the attacker can use to figure out where to go next.
Now consider the username '; DESCRIBE TABLE users; SELECT 1 FROM users WHERE 'a'='. And so it goes on... There are a few different strategies here depending on exactly how the data comes out. SQL injection toolkits exist which can automate this process and attempt to automatically dump out the entire contents of a database via an unsecured web interface. Rafal Los's blog post contains a little more technical insight.
You're not limited to the theft of data, either; if you can insert arbitrary SQL, well, the obligatory xkcd reference illustrates it better than I can.
You'll find detailed info here:
http://blogs.technet.com/b/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx
These lines are double-encoded -- the first set of encoded characters, which would be translated by IIS, are denoted by %XX. For example, %20 is a space. The second set aren't meant to be translated until they get to the SQL Server and they use the char(xxx) function in SQL.
' and char(124)+user+char(124)=0 and ''='
That's strange... However, make sure you escape strings so there will be no SQL injections.
Other people have covered what's going on, so I'm going to take a moment to get on my high-horse and strongly suggest that, if you're not already (I suspect not from a comment below), you use parameterized queries. They literally make you immune to SQL injection because they cause parameters and the query to be transmitted completely separately. There are also potential performance benefits, yadda yadda, etc.
But seriously, do it.
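The two decoding layers and the parameterized-query advice from the answers above, as an added example that is not part of the original posts. Python's sqlite3 stands in for the SQL Server back end (an assumption), the table and column names follow the C-ish example, and the rows are constructed sample data.

```python
import re
import sqlite3
from urllib.parse import unquote

# The logged request value, copied from the question above.
LOGGED = "%27%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20%27%27=%27"


def decode_layers(raw):
    """Undo both encodings: %XX (web server layer), then char(n) (SQL layer)."""
    url_decoded = unquote(raw)
    sql_resolved = re.sub(r"(?i)char\((\d+)\)",
                          lambda m: repr(chr(int(m.group(1)))), url_decoded)
    return url_decoded, sql_resolved


def make_db():
    """Constructed sample data; one row's user value is literally the payload."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, foo TEXT, bar TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "f1", "b1"), (unquote(LOGGED), "f2", "b2")])
    return db


def concatenated_sql(username):
    """What the C-ish fprintf builds: the value becomes part of the SQL text."""
    return "SELECT foo,bar FROM users WHERE user='%s';" % username


def lookup_concatenated(db, username):
    return db.execute(concatenated_sql(username)).fetchall()


def lookup_parameterized(db, username):
    """Statement and value travel separately; the value is only ever compared."""
    return db.execute("SELECT foo,bar FROM users WHERE user=?", (username,)).fetchall()


if __name__ == "__main__":
    value, resolved = decode_layers(LOGGED)
    print("URL-decoded  :", value)
    print("char() shown :", resolved)
    db = make_db()
    print("statement    :", concatenated_sql(value))
    print("concatenated :", lookup_concatenated(db, value))
    print("parameterized:", lookup_parameterized(db, value))
```

The concatenated statement gains extra predicates and matches no row, while the parameterized lookup treats the same bytes as a plain value and returns only the row stored under that exact string.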

Are most LDAP administrators creating LDIFs by hand?

Are there tools that make the job easier? If command-line only tools exist, then can anyone speculate if there is a market for a GUI tool? For example, you can create a relational database by modeling visually. Should the same notion exist for LDAP?
Apache Directory Studio includes an ldif-Editor. It is still a text editor but with syntax highlighting, autocompletion and group collapsing for ldif files:
http://directory.apache.org/studio/
I don't know if there are any tools but it isn't that hard to create them by hand.
If you are using IPlanet LDAP then they had a nice interface for creating and modifying schemas though. :)
I don't know if you would consider that to be by hand otherwise that is one tool to use.
I've done some LDIF handling using Perl and the Net::LDAP::LDIF module and it made scripting custom LDAP conversions very easy.
Have you looked at the command-line tool, LDIFDE.exe? Should be on your domain controller.
Business people give me Excel spreadsheets with inconsistent formatting of user and group data and want it loaded right away (then they come back with a new version and tell me they've only added some new users, but some are missing, some data is now invalid, there's a missing column etc.) They want unique passwords assigned, group memberships set up based on department id fields, and so forth.
Then they come back two weeks later and want to know about the differences between that spreadsheet and one from six months ago. Sigh.
I generally just do it all with a few hand-crafted Python scripts.
A lot of times you may be copying objects from one tree to another. Or backing them up. In that case, most LDAP tools have some way of exporting as LDIF. Then you can easily modify the files as needed.
Or copy examples to reuse.
I have seen a number of tools that will do tasks and output the results as LDIF, which can be handy, but they are basically point usage tools.
