Search Results

Search found 10424 results on 417 pages for 'persisted column'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 72/417 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

  • How do I make a function in SQL Server that accepts a column of data?

    - by brandon k
    I made the following function in SQL Server 2008 earlier this week that takes two parameters and uses them to select a column of "detail" records and returns them as a single varchar list of comma separated values. Now that I get to thinking about it, I would like to take this table and application-specific function and make it more generic. I am not well-versed in defining SQL functions, as this is my first. How can I change this function to accept a single "column" worth of data, so that I can use it in a more generic way? Instead of calling: SELECT ejc_concatFormDetails(formuid, categoryName) I would like to make it work like: SELECT concatColumnValues(SELECT someColumn FROM SomeTable) Here is my function definition: FUNCTION [DNet].[ejc_concatFormDetails](@formuid AS int, @category as VARCHAR(75)) RETURNS VARCHAR(1000) AS BEGIN DECLARE @returnData VARCHAR(1000) DECLARE @currentData VARCHAR(75) DECLARE dataCursor CURSOR FAST_FORWARD FOR SELECT data FROM DNet.ejc_FormDetails WHERE formuid = @formuid AND category = @category SET @returnData = '' OPEN dataCursor FETCH NEXT FROM dataCursor INTO @currentData WHILE (@@FETCH_STATUS = 0) BEGIN SET @returnData = @returnData + ', ' + @currentData FETCH NEXT FROM dataCursor INTO @currentData END CLOSE dataCursor DEALLOCATE dataCursor RETURN SUBSTRING(@returnData,3,1000) END As you can see, I am selecting the column data within my function and then looping over the results with a cursor to build my comma separated varchar. How can I alter this to accept a single parameter that is a result set and then access that result set with a cursor?

    Read the article

  • How to add "missing" columns in a column group in reporting services?

    - by Gimly
    Hello, I'm trying to create a report that displays for each months of the year the quantity of goods sold. I have a query that returns the list of goods sold for each month, it looks something like this : SELECT Seller.FirstName, Seller.LastName, SellingHistory.Month, SUM(SellingHistory.QuantitySold) FROM SellingHistory JOIN Seller on SellingHistory.SellerId = Seller.SellerId WHERE SellingHistory.Year = @Year GOUP BY Seller.FirstName, Seller.LastName, SellingHistory.Month What I want to do is display a report that has a column for each months + a total column that will display for each Seller the quantity sold in the selected month. Seller Name | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | Total What I managed to do is using a matrix and a column group (group on Month) to display the columns for existing data, if I have data from January to March, it will display the 3 first columns and the total. What I would like to do is always display all the columns. I thought about making that by adding the missing months in the SQL request, but I find that a bit weird and I'm sure there must be some "cleanest" solution as this is something that must be quite frequent. Thanks. PS: I'm using SQL Server Express 2008

    Read the article

  • SQL SERVER – Weekly Series – Memory Lane – #039

    - by Pinal Dave
    Here is the list of selected articles of SQLAuthority.com across all these years. Instead of just listing all the articles I have selected a few of my most favorite articles and have listed them here with additional notes below it. Let me know which one of the following is your favorite article from memory lane. 2007 FQL – Facebook Query Language Facebook list following advantages of FQL: Condensed XML reduces bandwidth and parsing costs. More complex requests can reduce the number of requests necessary. Provides a single consistent, unified interface for all of your data. It’s fun! UDF – Get the Day of the Week Function The day of the week can be retrieved in SQL Server by using the DatePart function. The value returned by the function is between 1 (Sunday) and 7 (Saturday). To convert this to a string representing the day of the week, use a CASE statement. UDF – Function to Get Previous And Next Work Day – Exclude Saturday and Sunday While reading ColdFusion blog of Ben Nadel Getting the Previous Day In ColdFusion, Excluding Saturday And Sunday, I realize that I use similar function on my SQL Server Database. This function excludes the Weekends (Saturday and Sunday), and it gets previous as well as next work day. Complete Series of SQL Server Interview Questions and Answers Data Warehousing Interview Questions and Answers – Introduction Data Warehousing Interview Questions and Answers – Part 1 Data Warehousing Interview Questions and Answers – Part 2 Data Warehousing Interview Questions and Answers – Part 3 Data Warehousing Interview Questions and Answers Complete List Download 2008 Introduction to Log Viewer In SQL Server all the windows event logs can be seen along with SQL Server logs. Interface for all the logs is same and can be launched from the same place. This log can be exported and filtered as well. DBCC SHRINKFILE Takes Long Time to Run If you are DBA who are involved with Database Maintenance and file group maintenance, you must have experience that many times DBCC SHRINKFILE operations takes a long time but any other operations with Database are relatively quicker. mssqlsystemresource – Resource Database The purpose of resource database is to facilitates upgrading to the new version of SQL Server without any hassle. In previous versions whenever version of SQL Server was upgraded all the previous version system objects needs to be dropped and new version system objects to be created. 2009 Puzzle – Write Script to Generate Primary Key and Foreign Key In SQL Server Management Studio (SSMS), there is no option to script all the keys. If one is required to script keys they will have to manually script each key one at a time. If database has many tables, generating one key at a time can be a very intricate task. I want to throw a question to all of you if any of you have scripts for the same purpose. Maximizing View of SQL Server Management Studio – Full Screen – New Screen I had explained the following two different methods: 1) Open Results in Separate Tab - This is a very interesting method as result pan shows up in a different tab instead of the splitting screen horizontally. 2) Open SSMS in Full Screen - This works always and to its best. Not many people are aware of this method; hence, very few people use it to enhance performance. 2010 Find Queries using Parallelism from Cached Plan T-SQL script gets all the queries and their execution plan where parallelism operations are kicked up. Pay attention there is TOP 10 is used, if you have lots of transactional operations, I suggest that you change TOP 10 to TOP 50 This is the list of the all the articles in the series of computed columns. SQL SERVER – Computed ColumnPERSISTED and Storage This article talks about how computed columns are created and why they take more storage space than before. SQL SERVER – Computed ColumnPERSISTED and Performance This article talks about how PERSISTED columns give better performance than non-persisted columns. SQL SERVER – Computed ColumnPERSISTED and Performance – Part 2 This article talks about how non-persisted columns give better performance than PERSISTED columns. SQL SERVER – Computed Column and Performance – Part 3 This article talks about how Index improves the performance of Computed Columns. SQL SERVER – Computed ColumnPERSISTED and Storage – Part 2 This article talks about how creating index on computed column does not grow the row length of table. SQL SERVER – Computed Columns – Index and Performance This article summarized all the articles related to computed columns. 2011 SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Data Warehousing Concepts – Day 21 of 31 What is Data Warehousing? What is Business Intelligence (BI)? What is a Dimension Table? What is Dimensional Modeling? What is a Fact Table? What are the Fundamental Stages of Data Warehousing? What are the Different Methods of Loading Dimension tables? Describes the Foreign Key Columns in Fact Table and Dimension Table? What is Data Mining? What is the Difference between a View and a Materialized View? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Data Warehousing Concepts – Day 22 of 31 What is OLTP? What is OLAP? What is the Difference between OLTP and OLAP? What is ODS? What is ER Diagram? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Data Warehousing Concepts – Day 23 of 31 What is ETL? What is VLDB? Is OLTP Database is Design Optimal for Data Warehouse? If denormalizing improves Data Warehouse Processes, then why is the Fact Table is in the Normal Form? What are Lookup Tables? What are Aggregate Tables? What is Real-Time Data-Warehousing? What are Conformed Dimensions? What is a Conformed Fact? How do you Load the Time Dimension? What is a Level of Granularity of a Fact Table? What are Non-Additive Facts? What is a Factless Facts Table? What are Slowly Changing Dimensions (SCD)? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Data Warehousing Concepts – Day 24 of 31 What is Hybrid Slowly Changing Dimension? What is BUS Schema? What is a Star Schema? What Snow Flake Schema? Differences between the Star and Snowflake Schema? What is Difference between ER Modeling and Dimensional Modeling? What is Degenerate Dimension Table? Why is Data Modeling Important? What is a Surrogate Key? What is Junk Dimension? What is a Data Mart? What is the Difference between OLAP and Data Warehouse? What is a Cube and Linked Cube with Reference to Data Warehouse? What is Snapshot with Reference to Data Warehouse? What is Active Data Warehousing? What is the Difference between Data Warehousing and Business Intelligence? What is MDS? Explain the Paradigm of Bill Inmon and Ralph Kimball. SQL SERVER – Azure Interview Questions and Answers – Guest Post by Paras Doshi – Day 25 of 31 Paras Doshi has submitted 21 interesting question and answers for SQL Azure. 1.What is SQL Azure? 2.What is cloud computing? 3.How is SQL Azure different than SQL server? 4.How many replicas are maintained for each SQL Azure database? 5.How can we migrate from SQL server to SQL Azure? 6.Which tools are available to manage SQL Azure databases and servers? 7.Tell me something about security and SQL Azure. 8.What is SQL Azure Firewall? 9.What is the difference between web edition and business edition? 10.How do we synchronize On Premise SQL server with SQL Azure? 11.How do we Backup SQL Azure Data? 12.What is the current pricing model of SQL Azure? 13.What is the current limitation of the size of SQL Azure DB? 14.How do you handle datasets larger than 50 GB? 15.What happens when the SQL Azure database reaches Max Size? 16.How many databases can we create in a single server? 17.How many servers can we create in a single subscription? 18.How do you improve the performance of a SQL Azure Database? 19.What is code near application topology? 20.What were the latest updates to SQL Azure service? 21.When does a workload on SQL Azure get throttled? SQL SERVER – Interview Questions and Answers – Guest Post by Malathi Mahadevan – Day 26 of 31 Malachi had asked a simple question which has several answers. Each answer makes you think and ponder about the reality of the IT world. Look at the simple question – ‘What is the toughest challenge you have faced in your present job and how did you handle it’? and its various answers. Each answer has its own story. SQL SERVER – Interview Questions and Answers – Guest Post by Rick Morelan – Day 27 of 31 Rick Morelan of Joes2Pros has written an excellent blog post on the subject how to find top N values. Most people are fully aware of how the TOP keyword works with a SELECT statement. After years preparing so many students to pass the SQL Certification I noticed they were pretty well prepared for job interviews too. Yes, they would do well in the interview but not great. There seemed to be a few questions that would come up repeatedly for almost everyone. Rick addresses similar questions in his lucid writing skills. 2012 Observation of Top with Index and Order of Resultset SQL Server has lots of things to learn and share. It is amazing to see how people evaluate and understand different techniques and styles differently when implementing. The real reason may be absolutely different but we may blame something totally different for the incorrect results. Read the blog post to learn more. How do I Record Video and Webcast How to Convert Hex to Decimal or INT Earlier I asked regarding a question about how to convert Hex to Decimal. I promised that I will post an answer with Due Credit to the author but never got around to post a blog post around it. Read the original post over here SQL SERVER – Question – How to Convert Hex to Decimal. Query to Get Unique Distinct Data Based on Condition – Eliminate Duplicate Data from Resultset The natural reaction will be to suggest DISTINCT or GROUP BY. However, not all the questions can be solved by DISTINCT or GROUP BY. Let us see the following example, where a user wanted only latest records to be displayed. Let us see the example to understand further. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Memory Lane, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • EXCEL 2010 Check if sub string value in cell match with other string from range of cells

    - by gotqn
    I am stuck with this one from hours. I have range with cells with string values: A1 text1 A2 text2 An text3 And other column with other string values like: B1 text1sampletext B2 text2sampletext B3 text3sampletext B4 text1sampletext B5 text1sampletext I have to check if text in column A is sub string of text in column B. If it is, to set in column C the text from column A. Like this: B1 text1sampletext - C1 text1 B2 text2sampletext - C1 text2 B3 text3sampletext - C1 text3 B4 text1sampletext - C1 text1 B5 text1sampletext - C1 text1

    Read the article

  • Is there any way to send a column value from outer query to inner sub query? [closed]

    - by chetan
    'Discussions' table schema title description desid replyto upvote downvote views browser used a1 none 1 1 12 - bad topic b2 a1 2 3 14 sql database a3 none 4 5 34 - crome b4 a3 3 4 12 The above table has two types of content types Main Topics and Comments. Unique content identifier 'desid' used to identify that its a main topic or a comment. 'desid' starts with 'a' for Main Topic and for comment 'desid' starts with 'b'. For comment 'replyto' is the 'desid' of main topic to which this comment is associated. I like to find out the list of the top main topics that are arranged on the basis of (upvote+downvote+visits+number of comments to it) addition. The following query gives top topics list in order of (upvote+downvote+visits) select * with highest number of upvote+downvote+views by query "select * from [DB_user1212].[dbo].[discussions] where desid like 'a%' order by (upvote+downvote+visited) desc For (comments+upvote+downvote+views ) I tried select * from [DB_user1212].[dbo].[discussions] where desid like 'a%' order by ((select count(*) from [DB_user1212].[dbo].[discussions] where replyto = desid )+upvote+downvote+visited) desc but it didn't work because its not possible to send desid from outer query to inner subquery. How to solve this? Please note that I want solution in query language only.

    Read the article

  • SQL Server 22005: Top 1 * for a unique column?

    - by Echilon
    I have data in a table (below), and I need to select the most recent update from each user. Here the data has been sorted by date, so the 'SomeData' column of the most recent unique value of each user. Top 1 SomeData isn't going to work because it will only return for one user. Is this even possible using only SQL? Date SomeData User ... 8/5/2010 2.2 UserC 4/5/2010 1.1 UserA 3/5/2010 9.4 UserB 1/5/2010 3.7 UserA 1/5/2010 6.1 UserB

    Read the article

  • How do I select a field/column from the output of `ls -l`?

    - by soandos
    My goal is deceptively simple (at least to me). I wish to take the output of ls -l or ls -lh and select just one field. I am looking for this to be as bulletproof as possible, by which I mean, assume that filenames can have a variable number of spaces, not everything in the field has the same length, etc. Bonus points for having a script that will take the name of the the field (or even just a field number), and then return the contents of the field. I want to turn into:

    Read the article

  • Custom Validation - Dependent Drop Down Lists

    - by Holysmoke
    Hi, I've two columns in a sheet that are interdependent and I want to use validation, drop-down lists, on both as follows: Column A (TYPE) | Column B (Sub-TYPE) ------------------------------------------| TypeA, TypeB | If TypeA SubTypeA1, | ... TypeN | SubTypeA2 ... SubTypeAN | ------------------------------------------| Creating the column A drop down is trivial. How do I create the Column B drop down, that in turn depends on what was chosen in Column A? TIA

    Read the article

  • Why have column borders gone missing in Rhythmbox gui?

    - by amadis
    My theme doesn't use shading, only borders/outlines. Since a few weeks ago Rhythmbox has stopped drawing all borders so that I can't see columns or sections very well. Even my scrollbars are not being drawn correctly. This makes the gui really hard to use. When I change themes it seems that Rhythmbox has changed its gui to use only shading to delineate sections, tabs, columns, etc.. Rhythmbox seems to be the only program that has this problem so I'm guessing this is a Rhythmbox thing, but not sure. My theme is not updated for gtk 3.6 Maybe that is the issue? Anyone know what's going on?

    Read the article

  • Help with Hibernate mapping

    - by GigaPr
    Hi i have the following classes public class RSS { private Integer id; private String title; private String description; private String link; private Date dateCreated; private Collection rssItems; private String url; private String language; private String rating; private Date pubDate; private Date lastBuildDate; private User user; private Date dateModified; public RSS() { } public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getTitle() { return title; } public void setTitle(String title) { this.title = title; } public void setDescription(String description){ this.description = description; } public String getDescription(){ return this.description; } public void setLink(String link){ this.link = link; } public String getLink(){ return this.link; } public void setUrl(String url){ this.url = url; } public String getUrl(){ return this.url; } public void setLanguage(String language){ this.language = language; } public String getLanguage(){ return this.language; } public void setRating(String rating){ this.rating = rating; } public String getRating(){ return this.rating; } public Date getPubDate() { return pubDate; } public void setPubDate(Date pubDate) { this.pubDate = pubDate; } public Date getLastBuildDate() { return lastBuildDate; } public void setLastBuildDate(Date lastBuildDate) { this.lastBuildDate = lastBuildDate; } public Date getDateModified() { return dateModified; } public void setDateModified(Date dateModified) { this.dateModified = dateModified; } public Date getDateCreated() { return dateCreated; } public void setDateCreated(Date dateCreated) { this.dateCreated = dateCreated; } public Collection getRssItems() { return rssItems; } public void setRssItems(Collection rssItems) { this.rssItems = rssItems; } } public class RSSItem { private RSS rss; private Integer id; private String title; private String description; private String link; private Date dateCreated; private Date dateModified; private int rss_id; public RSSItem() {} public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getTitle() { return title; } public void setTitle(String title) { this.title = title; } public String getDescription() { return description; } public void setDescription(String description) { this.description = description; } public String getLink() { return link; } public void setLink(String link) { this.link = link; } public Date getDateCreated() { return dateCreated; } public void setDateCreated(Date dateCreated) { this.dateCreated = dateCreated; } public Date getDateModified() { return dateModified; } public void setDateModified(Date dateModified) { this.dateModified = dateModified; } public RSS getRss() { return rss; } public void setRss(RSS rss) { this.rss = rss; } } that i mapped as <hibernate-mapping> <class name="com.rssFeed.domain.RSS" schema="PUBLIC" table="RSS"> <id name="id" type="int"> <column name="ID"/> <generator class="native"/> </id> <property name="title" type="string"> <column name="TITLE" not-null="true"/> </property> <property name="lastBuildDate" type="java.util.Date"> <column name="LASTBUILDDATE"/> </property> <property name="pubDate" type="java.util.Date"> <column name="PUBDATE" /> </property> <property name="dateCreated" type="java.util.Date"> <column name="DATECREATED" not-null="true"/> </property> <property name="dateModified" type="java.util.Date"> <column name="DATEMODIFIED" not-null="true"/> </property> <property name="description" type="string"> <column name="DESCRIPTION" not-null="true"/> </property> <property name="link" type="string"> <column name="LINK" not-null="true"/> </property> <property name="url" type="string"> <column name="URL" not-null="true"/> </property> <property name="language" type="string"> <column name="LANGUAGE" not-null="true"/> </property> <property name="rating" type="string"> <column name="RATING"/> </property> <set inverse="true" lazy="false" name="rssItems"> <key> <column name="RSS_ID"/> </key> <one-to-many class="com.rssFeed.domain.RSSItem"/> </set> </class> </hibernate-mapping> <hibernate-mapping> <class name="com.rssFeed.domain.RSSItem" schema="PUBLIC" table="RSSItem"> <id name="id" type="int"> <column name="ID"/> <generator class="native"/> </id> <property name="title" type="string"> <column name="TITLE" not-null="true"/> </property> <property name="description" type="string"> <column name="DESCRIPTION" not-null="true"/> </property> <property name="link" type="string"> <column name="LINK" not-null="true"/> </property> <property name="dateCreated" type="java.util.Date"> <column name="DATECREATED"/> </property> <property name="dateModified" type="java.util.Date"> <column name="DATEMODIFIED"/> </property> <many-to-one class="com.rssFeed.domain.RSS" fetch="select" name="rss"> <column name="RSS_ID"/> </many-to-one> </class> </hibernate-mapping> But when i try to fetch an RSS I get the following error Exception occurred in target VM: failed to lazily initialize a collection of role: com.rssFeed.domain.RSS.rssItems, no session or session was closed org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.rssFeed.domain.RSS.rssItems, no session or session was closed at org.hibernate.collection.AbstractPersistentCollection.throwLazyInitializationException(AbstractPersistentCollection.java:358) at org.hibernate.collection.AbstractPersistentCollection.throwLazyInitializationExceptionIfNotConnected(AbstractPersistentCollection.java:350) at org.hibernate.collection.AbstractPersistentCollection.readSize(AbstractPersistentCollection.java:97) at org.hibernate.collection.PersistentSet.size(PersistentSet.java:139) at com.rssFeed.dao.hibernate.HibernateRssDao.get(HibernateRssDao.java:47) at com.rssFeed.ServiceImplementation.RssServiceImplementation.get(RssServiceImplementation.java:46) at com.rssFeed.mvc.ViewRssController.handleRequest(ViewRssController.java:20) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431) at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97) at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57) at com.sun.grizzly.ContextTask.run(ContextTask.java:69) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330) at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309) at java.lang.Thread.run(Thread.java:619) < what does it mean? Thanks

    Read the article

  • JPA entities -- org.hibernate.TypeMismatchException

    - by shane lee
    Environment: JDK 1.6, JEE5 Hibernate Core 3.3.1.GA, Hibernate Annotations 3.4.0.GA DB:Informix Used reverse engineering to create my persistence entities from db schema [NB:This is a schema in work i cannot change] Getting exception when selecting list of basic_auth_accounts org.hibernate.TypeMismatchException: Provided id of the wrong type for class ebusiness.weblogic.model.UserAccounts. Expected: class ebusiness.weblogic.model.UserAccountsId, got class ebusiness.weblogic.model.BasicAuthAccountsId Both basic_auth_accounts and user_accounts have composite primary keys and one-to-one relationships. Any clues what to do here? This is pretty important that i get this to work. Cannot find any substantial solution on the net, some say to create an ID class which hibernate has done, and some say not to have a one-to-one relationship. Please help me!! /** * BasicAuthAccounts generated by hbm2java */ @Entity @Table(name = "basic_auth_accounts", schema = "ebusdevt", catalog = "ebusiness_dev", uniqueConstraints = @UniqueConstraint(columnNames = { "realm_type_id", "realm_qualifier", "account_name" })) public class BasicAuthAccounts implements java.io.Serializable { private BasicAuthAccountsId id; private UserAccounts userAccounts; private String accountName; private String hashedPassword; private boolean passwdChangeReqd; private String hashMethodId; private int failedAttemptNo; private Date failedAttemptDate; private Date lastAccess; public BasicAuthAccounts() { } public BasicAuthAccounts(UserAccounts userAccounts, String accountName, String hashedPassword, boolean passwdChangeReqd, String hashMethodId, int failedAttemptNo) { this.userAccounts = userAccounts; this.accountName = accountName; this.hashedPassword = hashedPassword; this.passwdChangeReqd = passwdChangeReqd; this.hashMethodId = hashMethodId; this.failedAttemptNo = failedAttemptNo; } public BasicAuthAccounts(UserAccounts userAccounts, String accountName, String hashedPassword, boolean passwdChangeReqd, String hashMethodId, int failedAttemptNo, Date failedAttemptDate, Date lastAccess) { this.userAccounts = userAccounts; this.accountName = accountName; this.hashedPassword = hashedPassword; this.passwdChangeReqd = passwdChangeReqd; this.hashMethodId = hashMethodId; this.failedAttemptNo = failedAttemptNo; this.failedAttemptDate = failedAttemptDate; this.lastAccess = lastAccess; } @EmbeddedId @AttributeOverrides( { @AttributeOverride(name = "realmTypeId", column = @Column(name = "realm_type_id", nullable = false, length = 32)), @AttributeOverride(name = "realmQualifier", column = @Column(name = "realm_qualifier", nullable = false, length = 32)), @AttributeOverride(name = "accountId", column = @Column(name = "account_id", nullable = false)) }) public BasicAuthAccountsId getId() { return this.id; } public void setId(BasicAuthAccountsId id) { this.id = id; } @OneToOne(fetch = FetchType.LAZY) @PrimaryKeyJoinColumn @NotNull public UserAccounts getUserAccounts() { return this.userAccounts; } public void setUserAccounts(UserAccounts userAccounts) { this.userAccounts = userAccounts; } /** * BasicAuthAccountsId generated by hbm2java */ @Embeddable public class BasicAuthAccountsId implements java.io.Serializable { private String realmTypeId; private String realmQualifier; private long accountId; public BasicAuthAccountsId() { } public BasicAuthAccountsId(String realmTypeId, String realmQualifier, long accountId) { this.realmTypeId = realmTypeId; this.realmQualifier = realmQualifier; this.accountId = accountId; } /** * UserAccounts generated by hbm2java */ @Entity @Table(name = "user_accounts", schema = "ebusdevt", catalog = "ebusiness_dev") public class UserAccounts implements java.io.Serializable { private UserAccountsId id; private Realms realms; private UserDetails userDetails; private Integer accessLevel; private String status; private boolean isEdge; private String role; private boolean chargesAccess; private Date createdTimestamp; private Date lastStatusChangeTimestamp; private BasicAuthAccounts basicAuthAccounts; private Set<Sessions> sessionses = new HashSet<Sessions>(0); private Set<AccountGroups> accountGroupses = new HashSet<AccountGroups>(0); private Set<UserPrivileges> userPrivilegeses = new HashSet<UserPrivileges>(0); public UserAccounts() { } public UserAccounts(UserAccountsId id, Realms realms, UserDetails userDetails, String status, boolean isEdge, boolean chargesAccess) { this.id = id; this.realms = realms; this.userDetails = userDetails; this.status = status; this.isEdge = isEdge; this.chargesAccess = chargesAccess; } @EmbeddedId @AttributeOverrides( { @AttributeOverride(name = "realmTypeId", column = @Column(name = "realm_type_id", nullable = false, length = 32)), @AttributeOverride(name = "realmQualifier", column = @Column(name = "realm_qualifier", nullable = false, length = 32)), @AttributeOverride(name = "accountId", column = @Column(name = "account_id", nullable = false)) }) @NotNull public UserAccountsId getId() { return this.id; } public void setId(UserAccountsId id) { this.id = id; } @OneToOne(fetch = FetchType.LAZY, mappedBy = "userAccounts") public BasicAuthAccounts getBasicAuthAccounts() { return this.basicAuthAccounts; } public void setBasicAuthAccounts(BasicAuthAccounts basicAuthAccounts) { this.basicAuthAccounts = basicAuthAccounts; } /** * UserAccountsId generated by hbm2java */ @Embeddable public class UserAccountsId implements java.io.Serializable { private String realmTypeId; private String realmQualifier; private long accountId; public UserAccountsId() { } public UserAccountsId(String realmTypeId, String realmQualifier, long accountId) { this.realmTypeId = realmTypeId; this.realmQualifier = realmQualifier; this.accountId = accountId; } @Column(name = "realm_type_id", nullable = false, length = 32) @NotNull @Length(max = 32) public String getRealmTypeId() { return this.realmTypeId; } public void setRealmTypeId(String realmTypeId) { this.realmTypeId = realmTypeId; } @Column(name = "realm_qualifier", nullable = false, length = 32) @NotNull @Length(max = 32) public String getRealmQualifier() { return this.realmQualifier; } public void setRealmQualifier(String realmQualifier) { this.realmQualifier = realmQualifier; } @Column(name = "account_id", nullable = false) public long getAccountId() { return this.accountId; } public void setAccountId(long accountId) { this.accountId = accountId; } Main Code for classes are:

    Read the article

  • mappedBy reference an unknown target entity property - hibernate error

    - by tommy
    first, my classes: User package com.patpuc.model; import java.util.List; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.OneToMany; import javax.persistence.Table; import com.patpuc.model.RolesMap; @Entity @Table(name = "users") public class User { @Id @Column(name = "USER_ID", unique = true, nullable = false) private int user_id; @Column(name = "NAME", nullable = false) private String name; @Column(name = "SURNAME", unique = true, nullable = false) private String surname; @Column(name = "USERNAME_U", unique = true, nullable = false) private String username_u; // zamiast username @Column(name = "PASSWORD", unique = true, nullable = false) private String password; @Column(name = "USER_DESCRIPTION", nullable = false) private String userDescription; @Column(name = "AUTHORITY", nullable = false) private String authority = "ROLE_USER"; @Column(name = "ENABLED", nullable = false) private int enabled; @OneToMany(mappedBy = "rUser") private List<RolesMap> rolesMap; public List<RolesMap> getRolesMap() { return rolesMap; } public void setRolesMap(List<RolesMap> rolesMap) { this.rolesMap = rolesMap; } /** * @return the user_id */ public int getUser_id() { return user_id; } /** * @param user_id * the user_id to set */ public void setUser_id(int user_id) { this.user_id = user_id; } /** * @return the name */ public String getName() { return name; } /** * @param name * the name to set */ public void setName(String name) { this.name = name; } /** * @return the surname */ public String getSurname() { return surname; } /** * @param surname * the surname to set */ public void setSurname(String surname) { this.surname = surname; } /** * @return the username_u */ public String getUsername_u() { return username_u; } /** * @param username_u * the username_u to set */ public void setUsername_u(String username_u) { this.username_u = username_u; } /** * @return the password */ public String getPassword() { return password; } /** * @param password * the password to set */ public void setPassword(String password) { this.password = password; } /** * @return the userDescription */ public String getUserDescription() { return userDescription; } /** * @param userDescription * the userDescription to set */ public void setUserDescription(String userDescription) { this.userDescription = userDescription; } /** * @return the authority */ public String getAuthority() { return authority; } /** * @param authority * the authority to set */ public void setAuthority(String authority) { this.authority = authority; } /** * @return the enabled */ public int getEnabled() { return enabled; } /** * @param enabled * the enabled to set */ public void setEnabled(int enabled) { this.enabled = enabled; } @Override public String toString() { StringBuffer strBuff = new StringBuffer(); strBuff.append("id : ").append(getUser_id()); strBuff.append(", name : ").append(getName()); strBuff.append(", surname : ").append(getSurname()); return strBuff.toString(); } } RolesMap.java package com.patpuc.model; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.Table; import com.patpuc.model.User; @Entity @Table(name = "roles_map") public class RolesMap { private int rm_id; private String username_a; private String username_l; //private String username_u; private String password; private int role_id; @ManyToOne @JoinColumn(name="username_u", nullable=false) private User rUser; public RolesMap(){ } /** * @return the user */ public User getUser() { return rUser; } /** * @param user the user to set */ public void setUser(User rUser) { this.rUser = rUser; } @Id @Column(name = "RM_ID", unique = true, nullable = false) public int getRmId() { return rm_id; } public void setRmId(int rm_id) { this.rm_id = rm_id; } @Column(name = "USERNAME_A", unique = true) public String getUsernameA() { return username_a; } public void setUsernameA(String username_a) { this.username_a = username_a; } @Column(name = "USERNAME_L", unique = true) public String getUsernameL() { return username_l; } public void setUsernameL(String username_l) { this.username_l = username_l; } @Column(name = "PASSWORD", unique = true, nullable = false) public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } @Column(name = "ROLE_ID", unique = true, nullable = false) public int getRoleId() { return role_id; } public void setRoleId(int role_id) { this.role_id = role_id; } } when i try run this on server i have exception like this: Error creating bean with name 'SessionFactory' defined in ServletContext resource [/WEB-INF/classes/baseBeans.xml]: Invocation of init method failed; nested exception is org.hibernate.AnnotationException: mappedBy reference an unknown target entity property: com.patpuc.model.RolesMap.users in com.patpuc.model.User.rolesMap But i don't exaclu know what i'm doing wrong. Can somebody help me fix this problem?

    Read the article

  • Hibernate without primary keys generated by db?

    - by Michael Jones
    I'm building a data warehouse and want to use InfiniDB as the storage engine. However, it doesn't allow primary keys or foreign key constraints (or any constraints for that matter). Hibernate complains "The database returned no natively generated identity value" when I perform an insert. Each table is relational, and contains a unique integer column that was previously used as the primary key - I want to keep that, but just not have the constraint in the db that the column is the primary key. I'm assuming the problem is that Hibernate expects the db to return a generated key. Is it possible to override this behaviour so I can set the primary key field's value myself and keep Hibernate happy? -- edit -- Two of the mappings are as follows: <?xml version="1.0"?> <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd"> <!-- Generated Jun 1, 2010 2:49:51 PM by Hibernate Tools 3.2.1.GA --> <hibernate-mapping> <class name="com.example.project.Visitor" table="visitor" catalog="orwell"> <id name="id" type="java.lang.Long"> <column name="id" /> <generator class="identity" /> </id> <property name="firstSeen" type="timestamp"> <column name="first_seen" length="19" /> </property> <property name="lastSeen" type="timestamp"> <column name="last_seen" length="19" /> </property> <property name="sessionId" type="string"> <column name="session_id" length="26" unique="true" /> </property> <property name="userId" type="java.lang.Long"> <column name="user_id" /> </property> <set name="visits" inverse="true"> <key> <column name="visitor_id" /> </key> <one-to-many class="com.example.project.Visit" /> </set> </class> </hibernate-mapping> and: <?xml version="1.0"?> <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd"> <!-- Generated Jun 1, 2010 2:49:51 PM by Hibernate Tools 3.2.1.GA --> <hibernate-mapping> <class name="com.example.project.Visit" table="visit" catalog="orwell"> <id name="id" type="java.lang.Long"> <column name="id" /> <generator class="identity" /> </id> <many-to-one name="visitor" class="com.example.project.Visitor" fetch="join" cascade="all"> <column name="visitor_id" /> </many-to-one> <property name="visitId" type="string"> <column name="visit_id" length="20" unique="true" /> </property> <property name="startTime" type="timestamp"> <column name="start_time" length="19" /> </property> <property name="endTime" type="timestamp"> <column name="end_time" length="19" /> </property> <property name="userAgent" type="string"> <column name="user_agent" length="65535" /> </property> <set name="pageViews" inverse="true"> <key> <column name="visit_id" /> </key> <one-to-many class="com.example.project.PageView" /> </set> </class> </hibernate-mapping>

    Read the article

  • Why can't I reference child entities with part of the parent entities composite key

    - by tigermain
    I am trying to reference some child entities with part of the parents composite key not all of it, why cant I? This happens when I use the following mapping instead of that which is commented. I get the following error Foreign key in table VolatileEventContent must have same number of columns as referenced primary key in table LocationSearchView <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="JeanieMaster.Domain.Entities" assembly="JeanieMaster.Domain"> <class name="LocationSearchView" table="LocationSearchView"> <composite-id> <key-property name="LocationId" type="Int32"></key-property> <key-property name="ContentProviderId" type="Int32"></key-property> <key-property name="CategoryId" type="Int32"></key-property> </composite-id> <property name="CompanyName" type="String" not-null="true" update="false" insert="false"/> <property name="Description" type="String" not-null="true" update="false" insert="false"/> <property name="CategoryId" type="Int32" not-null="true" update="false" insert="false"/> <property name="ContentProviderId" type="Int32" not-null="true" update="false" insert="false"/> <property name="LocationId" type="Int32" not-null="true" update="false" insert="false"/> <property name="Latitude" type="Double" update="false" insert="false" /> <property name="Longitude" type="Double" update="false" insert="false" /> <bag name="Events" table="VolatileEventContent" where="DeactivatedOn IS NULL" order-by="StartDate DESC" lazy="false" cascade="none"> <key> <column name="LocationId"></column> <column name="ContentProviderId"></column> <!--<column name="LocationId"></column> <column name="ContentProviderId"></column> <column name="CategoryId"></column>--> </key> <one-to-many class="Event" column="VolatileEventContentId"></one-to-many> </bag> </class> </hibernate-mapping> And VolatileEventContent mapping file <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="JeanieMaster.Domain.Entities" assembly="JeanieMaster.Domain"> <class name="Event" table="VolatileEventContent" select-before-update="false" optimistic-lock="none"> <composite-id> <key-property name="LocationId" type="Int32"></key-property> <key-property name="ContentProviderId" type="Int32"></key-property> </composite-id> <property name="Description" type="String" not-null="true" update="false" insert="false"/> <property name="StartDate" type="DateTime" not-null="true" update="false" insert="false" /> <property name="EndDate" type="DateTime" not-null="true" update="false" insert="false" /> <property name="CreatedOn" type="DateTime" not-null="true" update="false" insert="false" /> <property name="ModifiedOn" type="DateTime" not-null="false" update="false" insert="false" /> <many-to-one name="Location" class="Location" column="LocationId" /> <bag name="Artistes" table="EventArtiste" lazy="false" cascade="none"> <key name="VolatileEventContentId" /> <many-to-many class="Artiste" column="ArtisteId" ></many-to-many> </bag> </class> </hibernate-mapping>

    Read the article

  • ASP.NET MVC Paging/Sorting/Filtering a list using ModelMetadata

    - by rajbk
    This post looks at how to control paging, sorting and filtering when displaying a list of data by specifying attributes in your Model using the ASP.NET MVC framework and the excellent MVCContrib library. It also shows how to hide/show columns and control the formatting of data using attributes.  This uses the Northwind database. A sample project is attached at the end of this post. Let’s start by looking at a class called ProductViewModel. The properties in the class are decorated with attributes. The OrderBy attribute tells the system that the Model can be sorted using that property. The SearchFilter attribute tells the system that filtering is allowed on that property. Filtering type is set by the  FilterType enum which currently supports Equals and Contains. The ScaffoldColumn property specifies if a column is hidden or not The DisplayFormat specifies how the data is formatted. public class ProductViewModel { [OrderBy(IsDefault = true)] [ScaffoldColumn(false)] public int? ProductID { get; set; }   [SearchFilter(FilterType.Contains)] [OrderBy] [DisplayName("Product Name")] public string ProductName { get; set; }   [OrderBy] [DisplayName("Unit Price")] [DisplayFormat(DataFormatString = "{0:c}")] public System.Nullable<decimal> UnitPrice { get; set; }   [DisplayName("Category Name")] public string CategoryName { get; set; }   [SearchFilter] [ScaffoldColumn(false)] public int? CategoryID { get; set; }   [SearchFilter] [ScaffoldColumn(false)] public int? SupplierID { get; set; }   [OrderBy] public bool Discontinued { get; set; } } Before we explore the code further, lets look at the UI.  The UI has a section for filtering the data. The column headers with links are sortable. Paging is also supported with the help of a pager row. The pager is rendered using the MVCContrib Pager component. The data is displayed using a customized version of the MVCContrib Grid component. The customization was done in order for the Grid to be aware of the attributes mentioned above. Now, let’s look at what happens when we perform actions on this page. The diagram below shows the process: The form on the page has its method set to “GET” therefore we see all the parameters in the query string. The query string is shown in blue above. This query gets routed to an action called Index with parameters of type ProductViewModel and PageSortOptions. The parameters in the query string get mapped to the input parameters using model binding. The ProductView object created has the information needed to filter data while the PageAndSorting object is used for paging and sorting the data. The last block in the figure above shows how the filtered and paged list is created. We receive a product list from our product repository (which is of type IQueryable) and first filter it by calliing the AsFiltered extension method passing in the productFilters object and then call the AsPagination extension method passing in the pageSort object. The AsFiltered extension method looks at the type of the filter instance passed in. It skips properties in the instance that do not have the SearchFilter attribute. For properties that have the SearchFilter attribute, it adds filter expression trees to filter against the IQueryable data. The AsPagination extension method looks at the type of the IQueryable and ensures that the column being sorted on has the OrderBy attribute. If it does not find one, it looks for the default sort field [OrderBy(IsDefault = true)]. It is required that at least one attribute in your model has the [OrderBy(IsDefault = true)]. This because a person could be performing paging without specifying an order by column. As you may recall the LINQ Skip method now requires that you call an OrderBy method before it. Therefore we need a default order by column to perform paging. The extension method adds a order expressoin tree to the IQueryable and calls the MVCContrib AsPagination extension method to page the data. Implementation Notes Auto Postback The search filter region auto performs a get request anytime the dropdown selection is changed. This is implemented using the following jQuery snippet $(document).ready(function () { $("#productSearch").change(function () { this.submit(); }); }); Strongly Typed View The code used in the Action method is shown below: public ActionResult Index(ProductViewModel productFilters, PageSortOptions pageSortOptions) { var productPagedList = productRepository.GetProductsProjected().AsFiltered(productFilters).AsPagination(pageSortOptions);   var productViewFilterContainer = new ProductViewFilterContainer(); productViewFilterContainer.Fill(productFilters.CategoryID, productFilters.SupplierID, productFilters.ProductName);   var gridSortOptions = new GridSortOptions { Column = pageSortOptions.Column, Direction = pageSortOptions.Direction };   var productListContainer = new ProductListContainerModel { ProductPagedList = productPagedList, ProductViewFilterContainer = productViewFilterContainer, GridSortOptions = gridSortOptions };   return View(productListContainer); } As you see above, the object that is returned to the view is of type ProductListContainerModel. This contains all the information need for the view to render the Search filter section (including dropdowns),  the Html.Pager (MVCContrib) and the Html.Grid (from MVCContrib). It also stores the state of the search filters so that they can recreate themselves when the page reloads (Viewstate, I miss you! :0)  The class diagram for the container class is shown below.   Custom MVCContrib Grid The MVCContrib grid default behavior was overridden so that it would auto generate the columns and format the columns based on the metadata and also make it aware of our custom attributes (see MetaDataGridModel in the sample code). The Grid ensures that the ShowForDisplay on the column is set to true This can also be set by the ScaffoldColumn attribute ref: http://bradwilson.typepad.com/blog/2009/10/aspnet-mvc-2-templates-part-2-modelmetadata.html) Column headers are set using the DisplayName attribute Column sorting is set using the OrderBy attribute. The data is formatted using the DisplayFormat attribute. Generic Extension methods for Sorting and Filtering The extension method AsFiltered takes in an IQueryable<T> and uses expression trees to query against the IQueryable data. The query is constructed using the Model metadata and the properties of the T filter (productFilters in our case). Properties in the Model that do not have the SearchFilter attribute are skipped when creating the filter expression tree.  It returns an IQueryable<T>. The extension method AsPagination takes in an IQuerable<T> and first ensures that the column being sorted on has the OrderBy attribute. If not, we look for the default OrderBy column ([OrderBy(IsDefault = true)]). We then build an expression tree to sort on this column. We finally hand off the call to the MVCContrib AsPagination which returns an IPagination<T>. This type as you can see in the class diagram above is passed to the view and used by the MVCContrib Grid and Pager components. Custom Provider To get the system to recognize our custom attributes, we create our MetadataProvider as mentioned in this article (http://bradwilson.typepad.com/blog/2010/01/why-you-dont-need-modelmetadataattributes.html) protected override ModelMetadata CreateMetadata(IEnumerable<Attribute> attributes, Type containerType, Func<object> modelAccessor, Type modelType, string propertyName) { ModelMetadata metadata = base.CreateMetadata(attributes, containerType, modelAccessor, modelType, propertyName);   SearchFilterAttribute searchFilterAttribute = attributes.OfType<SearchFilterAttribute>().FirstOrDefault(); if (searchFilterAttribute != null) { metadata.AdditionalValues.Add(Globals.SearchFilterAttributeKey, searchFilterAttribute); }   OrderByAttribute orderByAttribute = attributes.OfType<OrderByAttribute>().FirstOrDefault(); if (orderByAttribute != null) { metadata.AdditionalValues.Add(Globals.OrderByAttributeKey, orderByAttribute); }   return metadata; } We register our MetadataProvider in Global.asax.cs. protected void Application_Start() { AreaRegistration.RegisterAllAreas();   RegisterRoutes(RouteTable.Routes);   ModelMetadataProviders.Current = new MvcFlan.QueryModelMetaDataProvider(); } Bugs, Comments and Suggestions are welcome! You can download the sample code below. This code is purely experimental. Use at your own risk. Download Sample Code (VS 2010 RTM) MVCNorthwindSales.zip

    Read the article

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • SQL SERVER – Weekly Series – Memory Lane – #038

    - by Pinal Dave
    Here is the list of selected articles of SQLAuthority.com across all these years. Instead of just listing all the articles I have selected a few of my most favorite articles and have listed them here with additional notes below it. Let me know which one of the following is your favorite article from memory lane. 2007 CASE Statement in ORDER BY Clause – ORDER BY using Variable This article is as per request from the Application Development Team Leader of my company. His team encountered code where the application was preparing string for ORDER BY clause of the SELECT statement. Application was passing this string as variable to Stored Procedure (SP) and SP was using EXEC to execute the SQL string. This is not good for performance as Stored Procedure has to recompile every time due to EXEC. sp_executesql can do the same task but still not the best performance. SSMS – View/Send Query Results to Text/Grid/Files Results to Text – CTRL + T Results to Grid – CTRL + D Results to File – CTRL + SHIFT + F 2008 Introduction to SPARSE Columns Part 2 I wrote about Introduction to SPARSE Columns Part 1. Let us understand the concept of the SPARSE column in more detail. I suggest you read the first part before continuing reading this article. All SPARSE columns are stored as one XML column in the database. Let us see some of the advantage and disadvantage of SPARSE column. Deferred Name Resolution How come when table name is incorrect SP can be created successfully but when an incorrect column is used SP cannot be created? 2009 Backup Timeline and Understanding of Database Restore Process in Full Recovery Model In general, databases backup in full recovery mode is taken in three different kinds of database files. Full Database Backup Differential Database Backup Log Backup Restore Sequence and Understanding NORECOVERY and RECOVERY While doing RESTORE Operation if you restoring database files, always use NORECOVER option as that will keep the database in a state where more backup file are restored. This will also keep database offline also to prevent any changes, which can create itegrity issues. Once all backup file is restored run RESTORE command with a RECOVERY option to get database online and operational. Four Different Ways to Find Recovery Model for Database Perhaps, the best thing about technical domain is that most of the things can be executed in more than one ways. It is always useful to know about the various methods of performing a single task. Two Methods to Retrieve List of Primary Keys and Foreign Keys of Database When Information Schema is used, we will not be able to discern between primary key and foreign key; we will have both the keys together. In the case of sys schema, we can query the data in our preferred way and can join this table to another table, which can retrieve additional data from the same. Get Last Running Query Based on SPID PID is returns sessions ID of the current user process. The acronym SPID comes from the name of its earlier version, Server Process ID. 2010 SELECT * FROM dual – Dual Equivalent Dual is a table that is created by Oracle together with data dictionary. It consists of exactly one column named “dummy”, and one record. The value of that record is X. You can check the content of the DUAL table using the following syntax. SELECT * FROM dual Identifying Statistics Used by Query Someone asked this question in my training class of query optimization and performance tuning.  “Can I know which statistics were used by my query?” 2011 SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 14 of 31 What are the basic functions for master, msdb, model, tempdb and resource databases? What is the Maximum Number of Index per Table? Explain Few of the New Features of SQL Server 2008 Management Studio Explain IntelliSense for Query Editing Explain MultiServer Query Explain Query Editor Regions Explain Object Explorer Enhancements Explain Activity Monitors SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 15 of 31 What is Service Broker? Where are SQL server Usernames and Passwords Stored in the SQL server? What is Policy Management? What is Database Mirroring? What are Sparse Columns? What does TOP Operator Do? What is CTE? What is MERGE Statement? What is Filtered Index? Which are the New Data Types Introduced in SQL SERVER 2008? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 16 of 31 What are the Advantages of Using CTE? How can we Rewrite Sub-Queries into Simple Select Statements or with Joins? What is CLR? What are Synonyms? What is LINQ? What are Isolation Levels? What is Use of EXCEPT Clause? What is XPath? What is NOLOCK? What is the Difference between Update Lock and Exclusive Lock? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 17 of 31 How will you Handle Error in SQL SERVER 2008? What is RAISEERROR? What is RAISEERROR? How to Rebuild the Master Database? What is the XML Datatype? What is Data Compression? What is Use of DBCC Commands? How to Copy the Tables, Schema and Views from one SQL Server to Another? How to Find Tables without Indexes? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 18 of 31 How to Copy Data from One Table to Another Table? What is Catalog Views? What is PIVOT and UNPIVOT? What is a Filestream? What is SQLCMD? What do you mean by TABLESAMPLE? What is ROW_NUMBER()? What are Ranking Functions? What is Change Data Capture (CDC) in SQL Server 2008? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 19 of 31 How can I Track the Changes or Identify the Latest Insert-Update-Delete from a Table? What is the CPU Pressure? How can I Get Data from a Database on Another Server? What is the Bookmark Lookup and RID Lookup? What is Difference between ROLLBACK IMMEDIATE and WITH NO_WAIT during ALTER DATABASE? What is Difference between GETDATE and SYSDATETIME in SQL Server 2008? How can I Check that whether Automatic Statistic Update is Enabled or not? How to Find Index Size for Each Index on Table? What is the Difference between Seek Predicate and Predicate? What are Basics of Policy Management? What are the Advantages of Policy Management? SQL SERVER – Interview Questions and Answers – Frequently Asked Questions – Day 20 of 31 What are Policy Management Terms? What is the ‘FILLFACTOR’? Where in MS SQL Server is ’100’ equal to ‘0’? What are Points to Remember while Using the FILLFACTOR Argument? What is a ROLLUP Clause? What are Various Limitations of the Views? What is a Covered index? When I Delete any Data from a Table, does the SQL Server reduce the size of that table? What are Wait Types? How to Stop Log File Growing too Big? If any Stored Procedure is Encrypted, then can we see its definition in Activity Monitor? 2012 Example of Width Sensitive and Width Insensitive Collation Width Sensitive Collation: A single-byte character (half-width) represented as single-byte and the same character represented as a double-byte character (full-width) are when compared are not equal the collation is width sensitive. In this example we have one table with two columns. One column has a collation of width sensitive and the second column has a collation of width insensitive. Find Column Used in Stored Procedure – Search Stored Procedure for Column Name Very interesting conversation about how to find column used in a stored procedure. There are two different characters in the story and both are having a conversation about how to find column in the stored procedure. Here are two part story Part 1 | Part 2 SQL SERVER – 2012 Functions – FORMAT() and CONCAT() – An Interesting Usage Generate Script for Schema and Data – SQL in Sixty Seconds #021 – Video In simple words, in many cases the database move from one place to another place. It is not always possible to back up and restore databases. There are possibilities when only part of the database (with schema and data) has to be moved. In this video we learn that we can easily generate script for schema for data and move from one server to another one. INFORMATION_SCHEMA.COLUMNS and Value Character Maximum Length -1 I often see the value -1 in the CHARACTER_MAXIMUM_LENGTH column of INFORMATION_SCHEMA.COLUMNS table. I understand that the length of any column can be between 0 to large number but I do not get it when I see value in negative (i.e. -1). Any insight on this subject? Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Memory Lane, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • is of a type that is invalid for use as a key column in an index.

    - by acidzombie24
    I have an error at Column 'key' in table 'misc_info' is of a type that is invalid for use as a key column in an index. where key is a nvarchar(max). A quick google found this. It however doesnt explain what a solution is. How do i create something like Dictionary where the key and value are both strings and obviously the key must be unique and is single. My sql statement was create table [misc_info] ( [id] INTEGER PRIMARY KEY IDENTITY NOT NULL, [key] nvarchar(max) UNIQUE NOT NULL, [value] nvarchar(max) NOT NULL);

    Read the article

  • JPQL: unknown state or association field (EclipseLink)

    - by Kawu
    I have an Employee entity which inherits from Person and OrganizationalUnit: OrganizationalUnit: @MappedSuperclass public abstract class OrganizationalUnit implements Serializable { @Id private Long id; @Basic( optional = false ) private String name; public Long getId() { return this.id; } public void setId( Long id ) { this.id = id; } public String getName() { return this.name; } public void setName( String name ) { this.name = name; } // ... } Person: @MappedSuperclass public abstract class Person extends OrganizationalUnit { private String lastName; private String firstName; public String getLastName() { return this.lastName; } public void setLastName( String lastName ) { this.lastName = lastName; } public String getFirstName() { return this.firstName; } public void setFirstName( String firstName ) { this.firstName = firstName; } /** * Returns names of the form "John Doe". */ @Override public String getName() { return this.firstName + " " + this.lastName; } @Override public void setName( String name ) { throw new UnsupportedOperationException( "Name cannot be set explicitly!" ); } /** * Returns names of the form "Doe, John". */ public String getFormalName() { return this.lastName + ", " + this.firstName; } // ... } Employee entity: @Entity @Table( name = "EMPLOYEES" ) @AttributeOverrides ( { @AttributeOverride( name = "id", column = @Column( name = "EMPLOYEE_ID" ) ), @AttributeOverride( name = "name", column = @Column( name = "LASTNAME", insertable = false, updatable = false ) ), @AttributeOverride( name = "firstName", column = @Column( name = "FIRSTNAME" ) ), @AttributeOverride( name = "lastName", column = @Column( name = "LASTNAME" ) ), } ) @NamedQueries ( { @NamedQuery( name = "Employee.FIND_BY_FORMAL_NAME", query = "SELECT emp " + "FROM Employee emp " + "WHERE emp.formalName = :formalName" ) } ) public class Employee extends Person { @Column( name = "EMPLOYEE_NO" ) private String nbr; // lots of other stuff... } I then attempted to find an employee by its formal name, e.g. "Doe, John" using the query above: SELECT emp FROM Employee emp WHERE emp.formalName = :formalName However, this gives me an exception on deploying to EclipseLink: Exception while preparing the app : Exception [EclipseLink-8030] (Eclipse Persistence Services - 2.3.2.v20111125-r10461): org.eclipse.persistence.exceptions.JPQLException Exception Description: Error compiling the query [Employee.FIND_BY_CLIENT_AND_FORMAL_NAME: SELECT emp FROM Employee emp JOIN FETCH emp.client JOIN FETCH emp.unit WHERE emp.client.id = :clientId AND emp.formalName = :formalName], line 1, column 115: unknown state or association field [formalName] of class [de.bnext.core.common.entity.Employee]. Local Exception Stack: Exception [EclipseLink-8030] (Eclipse Persistence Services - 2.3.2.v20111125-r10461): org.eclipse.persistence.exceptions.JPQLException Exception Description: Error compiling the query [Employee.FIND_BY_CLIENT_AND_FORMAL_NAME: SELECT emp FROM Employee emp JOIN FETCH emp.client JOIN FETCH emp.unit WHERE emp.client.id = :clientId AND emp.formalName = :formalName], line 1, column 115: unknown state or association field [formalName] of class [de.bnext.core.common.entity.Employee]. Qs: What's wrong? Is it prohibited to use "artificial" properties in JPQL, here the WHERE clause? What are the premises here? I checked the capitalization and spelling many times, I'm out of luck.

    Read the article

  • How to avoid OLEDB converting "."s into "#"s in column names?

    - by Andrew Miner
    I'm using the ACE OLEDB driver to read from an Excel 2007 spreadsheet, and I'm finding that any '.' character in column names get converted to a '#' character. For example, if I have the following in a spreadsheet: Name Amt. Due Due Date Andrew 12.50 4/1/2010 Brian 20.00 4/12/2010 Charlie 1000.00 6/30/2010 the name of the second column would be reported as "Amt# Due" when read with the following code: OleDbConnection connection = new OleDbConnection( "Provider=Microsoft.ACE.OLEDB.12.0; Data Source={0}; " + "Extended Properties=\"Excel 12.0 Xml;HDR=YES;FMT=Delimited;IMEX=1\""); OldDbCommand command = new OleDbCommand("SELECT * FROM MyTable", connection); OleDbReader dataReader = command.ExecuteReader(); System.Console.WriteLine(dataReader.GetName(1)); I've read through all the documentation I can find and I haven't found anything which even mentions that this will happen. Has anyone run into this before? Is there a way to fix this behavior?

    Read the article

  • How can I prevent Rails from "pluralizing" a column name?

    - by Mike
    I'm using dwilkie's foreigner plugin for rails. I have a table creation statement that looks like: create_table "agents_games", :force => true, :id => false do |t| t.references :agents, :column => :agent_id, :foreign_key => true, :null => false t.references :games, :column => :game_id, :foreign_key => true, :null => false end However, this generates the following SQL: [4;35;1mSQL (2.7ms)[0m [0mCREATE TABLE "agents_games" ("agents_id" integer NOT NULL, "games_id" integer NOT NULL) [0m I want the columns to be called agent_id and game_id - not agents_id and agent_id. How can I prevent Rails from pluralizing the columns? I tried the following in my enviornment.rb file, which didn't help: ActiveSupport::Inflector.inflections do |inflect| inflect.uncountable "agent_id", "game_id" end

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >