T-SQL

Ed Pollack
Sample form with validation errors that protect the underlying code from SQL injection attacks.

SQL Injection: Detection and prevention

August 30, 2019 by

Summary

With an understanding of what SQL injection is and why it is important to an organization, we can shift into a discussion of how to prevent it. We ultimately want systems where SQL injection is impossible or very difficult to pull off. We then want systems where exploiting bugs is slow, laborious, and likely to raise monitoring alarms within an organization when attempted. The trio of layered security, prevention, and alerting can provide an immense advantage against not only SQL injection, but other data security threats.

Ed Pollack
Attempting to locate a SQL injection vulnerability by entering special characters into form fields.

SQL Injection: What is it? Causes and exploits

August 30, 2019 by

Summary

Many security vulnerabilities are discovered, patched, and go away forever. Some linger and continue to plague software development and will continue to do so for years to come. Setting aside social engineering and non-technical attacks, SQL injection remains one of the top security threats to our data, as well as one of the most misunderstood.

Sifiso W. Ndlovu
Data imported using Custom SQL Statement.

Monitor batch statements of the Get Data feature in Power BI using SQL Server extended events

July 1, 2019 by

One shared characteristic among popular data visualization tools such as Power BI is the ease with which data can be extracted from a variety of disparate data sources, usually at the click of a button, as shown in Figure 1. Such convenience, though, tends to come at a cost, as you often have little control over how the background scripts used to extract data are generated. Yet this should be of utmost concern for data architects and BI developers alike, as rarely do you find auto-generated scripts that are efficient and optimal. In this article, join me as I put on my DBA hat and trace, monitor and review SQL batch statements that are auto-generated by the Get Data feature in Power BI using SQL Server Extended Events.

Rajendra Gupta

Overview of SQL Server Rounding Functions – SQL Round, Ceiling and Floor

June 26, 2019 by

Developers deal with numerous data types on a day-to-day basis. We need to change the data type or format as per the user requirement. We use SQL Server rounding functions like SQL Round, Ceiling and Floor to round the values to the nearest numbers. We perform arithmetic calculations on data as well. It is a challenging task to change the value of a number to an approximate number. We do not want to display decimal numbers in the application front end.
