Using SUBSTRING based on line number instead of character offset

Suppose we’re running one or more dynamic SQL commands in SQL Server, and we’re getting an error from somewhere within it.

But, to make things interesting, let’s suppose that we’re running a large number of such dynamic SQL commands within a loop, each constructed a bit differently, and we’re finding it difficult to pinpoint which of the dynamic commands is causing the error, and which SQL statement it is exactly.

Could we, perhaps, print the relevant code section based on the error line reported in the CATCH block? Continue reading Using SUBSTRING based on line number instead of character offset

Webinar: Advanced Dynamic Search Queries and How to Protect Them

First of all, I must apologize for the long hiatus since my last published content.
I’ve been busy working on a lot of very different stuff, and unfortunately this delayed me from actually completing any one particular thing.

One thing that I did complete, though, was preparing and submitting a webinar for the PASS Global Hebrew Virtual Group.

The webinar is called “Advanced Dynamic Search Queries and How to Protect Them”, and I will be presenting it on Tuesday, April 30th 2019, 13:00 UTC (15:00 Israel Time). Continue reading Webinar: Advanced Dynamic Search Queries and How to Protect Them

T-SQL Script to Roll Forward Transaction Log Backups

Performing a transaction log backup every 15 minutes has its advantages. But it also has disadvantages. Ever tried to restore hundreds of transaction log backups one by one in order to bring your database back from disaster? Not a bit of fun that is. Check out this useful script that I prepared to help sort this problem out. This script is especially useful for those … Continue reading T-SQL Script to Roll Forward Transaction Log Backups

Creativity has its price

Dynamic Search Queries versus SQL Injection

Dynamic Search Queries SQL Injection is a widely known issue with databases that work as back-ends for websites and applications. In the most part, protecting your website from SQL Injection is fairly easy and you can find a lot of resources on that around the internet. Usually, this issue is solved by using stored procedures with strongly-typed parameters, thus ensuring that non-numerical values won’t be entered … Continue reading Dynamic Search Queries versus SQL Injection

Let SQL Server Write Code for You

Many times I happen to find myself in a situation where, as a DBA, I need to write some long and cumbersome code (usually for maintenance purposes). For example: Write a script to copy a bunch of tables from one database to another. Import the tables from one database to another database. Rebuild a bunch of indexes. Update a bunch of statistics. Write scripts for … Continue reading Let SQL Server Write Code for You