Entries Tagged as 'Sql Server'
Let’s Make a Single Statement Mode for ADO.NET
September 5th, 2022 · No Comments · .net, security, sql, Sql Server, stackoverflow
One of the issues I see often in code on Stack Overflow is SQL injection. I still typically answer multiple questions per week that include, along with the rest of the answer, some form of the text, “This is scary-vulnerable to SQL injection issues.” This is a “Really Big Deal”™. It’s one of about three things […]
SQL and Dates
July 13th, 2022 · No Comments · development, sql, Sql Server
I want to clear up a few common issues I often see related to date values in SQL. Column Types The first of these is storing dates in a string column type, like varchar or nvarchar. Schemas that do this need to be fixed, because they really are broken. When you do this, you don’t […]
SQL vs NoSql
April 29th, 2022 · No Comments · development, sql, Sql Server
If you’ve heard of NoSql, maybe you wonder what it is and how it compares to a traditional SQL database. Let’s take a look. SQL databases store well-structured data using known schemas. They require rigid adherence to a set of design principles, but provide amazing power if you can learn those principles and the associated […]
Certificate Authentication in SQL Server
November 23rd, 2020 · No Comments · development, networking, security, sql, Sql Server
I sometimes see questions asking how to do certificate authentication in SQL Server. Contrary to what you may have heard, SQL Server does indeed have support for certificate authentication. It just looks a little different from how some other database products do it. Instead, SQL Server’s equivalent option is the Integrated Security feature. It works like this…
The N Word
May 9th, 2014 · No Comments · sql, Sql Server
No, not that N word. I’m talking about N string literal prefixes in T-SQL. Like this: SELECT * FROM Foo WHERE Bar = N'Baz' If you don’t know what that N is for, it tells Sql Server that your string literal is an nvarchar, rather than a varchar… that is, that the string literal may […]