Tech Sharing Blog

So, you are now the leader of a SQL Server based project and this is your first one, perhaps migrating from Access. Or maybe you have performance problems with your SQL Server and don’t know what to do next. Or maybe you simply want to know of some design guidelines for solutions using SQL Server and designing Database Access Layers (DAL): this article is for you.

Popularity: 1% [?]

There are a lot of web site attacking method now a days, one of the most attacking method that we can easily found is the SQL Injection.

First of all, before you know about the SQL Injection, you may need to know what is SQL. Structured Query Language (‘SQL’) is a textual language used to interact with relational databases.

There are many varieties of SQL; most dialects that are in common use at the moment are loosely based around SQL-92, the most recent ANSI standard. The typical unit of execution of SQL is the ‘query’, which is a collection of statements that typically return a single ‘result set’. SQL statements can modify the structure of databases (using Data Definition Language statements, or ‘DDL’) and manipulate the contents of databases (using Data Manipulation Language statements, or ‘DML’). In this paper, we will be specifically discussing Transact-SQL, the dialect of SQL used by Microsoft SQL Server.

SQL Injection occurs when an attacker is able to insert a series of SQL statement into a ‘query’ by manipulating data input into an application.

The attacker may use the try and error method to study the database table structure and may inject the statement either to read, delete, edit your data in database or more  dangerous is they may take control ovre your database server.

The following PDF file explain the SQL injection in more detail, you may download, study and understanding the most common SQL Injection technique use by the attacker.

Advance SQL Injection (232)

Popularity: 1% [?]

In SQL, basically there are two ways to Insert data into a table; one is insert it one row per time, another way is insert multiple rows at a times.

For the first method (insert one row per time) is the most common way to insert data into database that we will use normally, and the sample sql syntax as below:

Insert into table1 (col1, col2, col3)
values (value1, value2, value3)

The other insert method that we seldom use, but it may be useful if you like to copy and insert more then one row of record into a table at a time. You may include the Select statement to specify the data that you want to insert into the tables.

The SQL syntax as below:

INSERT INTO table1(col1, col2, cols3)

SELECT value1, value2, value3
FROM table2
WHERE value4 = 1998

There is another way of writing the same SQL:

Select value1, value2, value3

Into table1

From table2

WHERE value4 = 1998

Popularity: 1% [?]

Normally to get the number of row for a particular table, where we will do is as the following query:

select count(*) from Table_name

Yes, you may get your result very fast if your table is very small, but if your table is more then 100k rows, then you may face some delay on that. What the above query do is actually it run the full table scan to get the row count. The scaning can be Logically or Physically. Logically mean that the SQL server only scan from the catch memory, whereas physically scan mean that it really scan through your table.

Actually there is anther alternative way to get the total row count for a table. You can ultilize the sysindexes system table for this purpose.

There is ROWS column in the sysindexes table. This column contains the total row count for each table in your database. So, you can use the following select statement instead of above one:

SELECT rows
FROM sysindexes
WHERE id = OBJECT_ID(‘table_name’) AND indid < 2

There are physical read and logical read operations. A logical read occurs if the page is currently in the cache. If the page is not currently in the cache, a physical read is performed to read the page into the cache. To see how many logical or physical read operations were made, you can use SET STATISTICS IO ON command.

The example:

SET STATISTICS IO ON

GO

SELECT count(*) FROM tbTest

GO

SELECT rows FROM sysindexes WHERE id = OBJECT_ID(‘tbTest’) AND indid < 2

GO

SET STATISTICS IO OFF

GO

---

Result:

———–

10000

(1 row(s) affected)

Table ‘tbTest’. Scan count 1, logical reads 32, physical reads 0, read-ahead reads 0.

rows

———–

10000

(1 row(s) affected)

Table ‘sysindexes’. Scan count 1, logical reads 2, physical reads 0, read-ahead reads 0.

Popularity: 1% [?]

I believe all the DBA know that how important is “Index” in the database if you would like to optimize the database server performance. It maybe a pain for your server if you create the index wrongly.

Here are some check lists on the index optimization that you should bear in mind and should go through. This is the foundation of the index optimization but it mean and help you a lot, if you already follow and apply all the checklist below, then you may need to try out more experiment to get more optimize:

Index optimization checklist:

• Create Index on frequently used columns in T-SQL Code. Columns used in WHERE, ORDER BY and GROUP BY are good candidate for Indexes. Create Index on columns which are used in JOIN Condition.
• Remove any un-necessary Indexes. As Index occupies hard drive space as well as it decreases performance of the entire insert, updates, deletes to the table.
• Smaller Index Key gives better performance than Index key which covers large data or many columns
• Index on Integer Columns performs better than varchar columns.
• Clustered Index must exist before creating Non-Clustered Index.
• Clustered Index must be created on Single Column which is not changing and narrow in size. Best candidate is primary key.
• Non-clustered Indexes increases performance of the query that returns fewer rows and rows has wide selectivity spectrum.
• Each table must have one Clustered Index.
• If column have low selectivity avoid creating Index on that column as it slow down the rows modification and system will not get benefit from Index.
• Multiple Columns Index or Covered Index should be ordered as Most Selective column on left and gradually decreasing selectivity as they go right.
• Use SORT_IN_TEMPDB option when table is created if tempdb is on different disk. This will increase the performance to create Index.
• Rebuild Index frequently using ALTER INDEX and De-fragment Index to keep performance optimal for Indexes.

Popularity: 3% [?]