In today’s post, I’ll be providing a useful script to detect and troubleshoot when the query plan cache contains too many different plans for the same query hash, which could happen as a result of possible parameterization issues.
Read More »Too Many Plans for the Same Query Hash
SQL Injection is something I would expect any reader of my blog to be familiar with. Despite being one of the oldest database attack methods, it still persists for decades on the OWASP Top Ten list of critical security risks to web applications.
In fact, instead of dying out, it only seems to be getting more clever and even automated. With “hacker bots” scouring the web and automatically probing for injection vulnerabilities to exploit. I know, as I’ve once been a victim of such attacks in the past.
But today I’m not actually going to talk about that. Today, I’m going to ask the question: When is SQL Injection dangerous, even if it’s perfectly safe?
Read More »Could SQL Injection be dangerous even when perfectly safe?
This month’s T-SQL Tuesday is hosted by Deb the DBA (b|t), who invites us to give a long rant about a question that a coworker could be asking us, without knowing what they’ve just gotten themselves into by doing that.
Well… I’ve got just the thing 🤭
Read More »T-SQL Tuesday #152 – Which version of my database was deployed? It depends!
A few years ago, I created a couple of T-SQL scripts that can be used for comparing instance-level and database-level properties between two HA/DR replicas. Originally, this supported comparing only two servers. But recently, following a fan request, I upgraded the script to support an unlimited number of servers that you can compare to each other.
So, I figured, if one person found this useful, there must be more out there that would need this, right?
Read More »Compare SQL Server Instance Properties
Turns out there’s a shortage of solutions online for easily managing partitioned tables in SQL Server. Well… I guess I’ll have to do it myself!
This is a T-SQL script that I’m cross-publishing with the official Madeira Data Solutions blog.
This script generates various permutations and variations of common and weak passwords and uses the PWDCOMPARE function to check whether there are any enabled SQL logins that have these passwords.
Read More »Detect Weak Passwords in SQL Server
Which drawbacks are there to using the built-in sp_MSforeachdb stored procedure? What other alternatives are out there? Is there a simpler solution? Find out all this and more in this short post.
Read More »The Simplest Alternative to sp_MSforeachdb
“Extended properties allow you to add custom properties to database objects”, so says the official Microsoft documentation. However, very few DBAs make use of them, if at all. This is actually a good thing, because indeed the scenarios in which this feature could be useful are relatively few and rare.
On the other hand, I also see DBAs essentially jumping through hoops to implement something, which could in fact very easily be implemented using Extended Properties.
What are these peculiar use cases? Let’s look at a few examples.
Read More »Finding a use for Extended Properties in SQL Server
In one of my previous posts, Fun with DATETIME Arithmetics, I introduced a way to use “math” to manipulate datetime values for effectively generating, calculating, and displaying intervals (i.e. difference between two datetime values). These mostly work with the addition and subtraction operators (+, -).
In one of the paragraphs, I mentioned multiplication and division, and posed the question about why anyone would ever need to do this.
Read More »Even more fun with DATETIME arithmetics!Did you know that we can have basic datetime arithmetics in SQL server? We can use subtraction to find an accurate difference between two dates, and use addition to add an accurate interval to a datetime column or variable.
Read this post to learn more.