Database Links
»
TAGS: Databases, Links, TECH
Links that lead to off-site pages about databases.
Connection strings
- ConnectionStrings.com
- "SQL Server Connection Strings" [http://www.sqlteam.com/article/sql-server-connection-string] [20071126]
- SQLStrings.com
Database makers
-
By scale
- IBM.com. "DB2" is king of the mainframe.
- Oracle.com. King of midrange... for now. 64 bit!
- NCR.com. Their "Teradata" RDBMS runs on its own OS (a UNIX variant).
-
Microsoft.com, esp. MSDN.Microsoft.com.
- "SQL Server" straddles the gap between enterprise and small business. 64 bit challenges Oracle!
- "Access" is biquitous because MS Office is ubiquitous. All sorts of uses.
-
Sybase.com.
- Sybase's "ASE" (Adaptive Server Enterprise) is for UNIX. ASE code was shared with MS to make SQL Server for OS/2. Until v4.9, ASE and MS SQL Server were identical.
- Sybase IQ for data warehousing.
-
By sales (Ref: IDC.com 2002)
- Oracle 39.4% (-5%) of revenue with $5.1 billion.
- IBM 33.6% (+9%) with $4.3 billion.
- Microsoft 11.1% (+15%) with $1.4 billion.
- Sybase.
- NCR.
- Others.
-
Open source. % of open source deployments ref: http://news.zdnet.co.uk/software/applications/0,39020384,39185042,00.htm.
- FirebirdSQL.org. 39% of deployments.
- MySQL.com. 40% of deployments. Wikipedia and Slashdot use MySQL.
- PostgreSQL.org. 11% of deployments.
SQL injection
SQL injection is a security vulnerability that tries to abuse user input.
EGs:
"select * from users where name='" + UserName "';" //if 's not escaped as '', may become: select * from users where name='' or ''=''; "select * from users where name='" + UserName "';" //if --s not checked, may become: select * from users where name='' or (1=1)--'; "select * from users where name='" + UserName "';" //if ;s not checked, may become: select * from users where name='';delete users "select * from users where id=" + UserID //if datatype or length not checked, may become: select * from users where id=4 or id is not null; //Limit the permissions given to the SQL login. //Instead of "SELECT * ...", use something like "SELECT price ..." //Store sensitive info like passwords as hashes.
- SQL injection [W]
- "New SQL Truncation Attacks And How To Avoid Them" [http://msdn.microsoft.com/msdnmag/issues/06/11/SQLSecurity/default.aspx]
- "Protecting Yourself from SQL Injection Attacks" [4guysfromrolla.com/webtech/061902-1.shtml]
- "SQL Injection!" [sqlservercentral.com/columnists/chedgate/sqlinjection.asp]
- "Updated SQL Injection" [sqlservercentral.com/columnists/mcoles/updatedsqlinjection.asp]
Miscellany
-
Articles and pieces
- http://www.oreilly.com/catalog/transqlcook/chapter/ch08.html. Chapter 8 Statistics in SQL from the book Transact-SQL Cookbook (2002) by Ales Spetic, Jonathan Gennick.
-
"Four Rules for NULLs" (2005-06-27) [http://www.sqlservercentral.com/articles/Advanced+Querying/fourrulesfornulls/1915/]. By Michael Coles. Also by Coles: "Sic Semper NULL" (2007-04-10); "NULL Versus NULL?" (2007-07-26). The 4 rules are:
- Use NULLs to indicate unknown/missing information only. Do not use NULLs in place of zeroes, zero-length strings or other "known" blank values. Update your NULLs with proper information as soon as possible.
- In ANSI SQL, NULL is not equal to anything, even other NULLs! Comparisons with NULL always result in UNKNOWN.
- Use SET ANSI_NULLS ON, and always use ANSI Standard SQL Syntax for NULLs. Straying from the standard can cause problems including portability issues, incompatibility with existing code and databases and returning incorrect results.
- The ANSI Standard COALESCE() and CASE syntaxes are preferred over ISNULL() or other proprietary syntax.
- "Build Date Generators and Manipulate Date and Time Data in SQL" [http://www.devx.com/dbzone/Article/33798]
- "Calculating Running Totals" [http://www.sqlteam.com/article/calculating-running-totals]
- "Creative Ways to Use the TOP Clause" [databasejournal.com/features/mssql/article.php/3647531]
- "Hidden RBAR: Triangular Joins" [http://www.sqlservercentral.com/articles/T-SQL/61539/]. By Jeff Moden, 2007-12-06. "Improperly written Triangular Joins are worse than even Cursors or While Loops and can bring a CPU and Disk System right to it's knees."
- "How to avoid Dynamic SQL in Stored Procedure" [http://devpinoy.org/blogs/leonidas/archive/2007/08/15/how-to-avoid-dynamic-sql-in-stored-procedure.aspx].
- "How to Share Data Between Stored Procedures". By Erland Sommarskog.
- "Implementing a Dynamic WHERE Clause" [sqlteam.com/item.asp?ItemID=2077]. Essentially construct a SQL string in a stored procedure, and then exec(sqlString). Also use the coalesce() function.
- "Normalizing Name Data in SQL Server" [http://www.samspublishing.com/articles/article.asp?p=25049&rl=1]. Practically a hopeless cause.
- "Practical Database Design". By IBM.
- "Sample ADO Connection Strings"
- "Server Side Paging With SQL Server 2005" [http://www.sqlservercentral.com/articles/Advanced+Querying/3181/]
-
"Should I use a #temp table or a @table variable?" [http://databases.aspfaq.com/database/should-i-use-a-temp-table-or-a-table-variable.html]. An excellent article. Basically don't bother with global temp tables (EG: ##MyTable) or temp permanent tables (EG: MyTable). There are very particular distinctions between local temp tables (EG: #MyTable) and table variables (EG: @MyTable), but here are some:
- Both clear when they go out of scope but table variables are cleared immediately whereas local temp tables are cleared by the system who knows when. Alternatively you could drop local temp tables as soon as you're done with them.
- You can't modify data in a local temp table within a user defined function.
- Table variables must be referenced with an alias, except in the FROM clause.
- "Solve a many-to-many relationship problem in Microsoft Access". This discusses making a user interface for handling many-to-many tables. The article uses Access as the DB but any database could be used. The UI solution is essentially that Table 1 (EG: Candidate) has 2 list boxes (EG: Languages and Available Languages) plus 2 buttons (EG: Add Language and Delete Language)."SQL 92 Specs"
- "SQL Server Database Coding Conventions, Best Practices, and Programming Guidelines" [sql-server-performance.com/vk_sql_best_practices.asp]. A must read.
- "Stored Procedures: Returning Data" [http://www.sqlteam.com/item.asp?ItemID=2644]
- "The Curse and Blessings of Dynamic SQL" [http://www.sommarskog.se/dynamic_sql.html]. By Erland Sommarskog.
- "Using a Subquery in a T-SQL Statement" [databasejournal.com/features/mssql/article.php/3464481]
- "Using Oracle PL/SQL" [http://www-db.stanford.edu/~ullman/fcdb/oracle/or-plsql.html]
-
Miscellany
- 4GuysFromRolla.com/WebTech/SQLGuru/
- DatabaseJournal.com
- IDC.com. "the world's leading provider of technology intelligence, industry analysis, market data, and strategic and tactical guidance to builders, providers, and users of information technology." Sort of like Gallup polls for the IT industry.
- TPC.org. The Transaction Processing Performance Council, "a non-profit corporation founded to define transaction processing and database benchmarks and to disseminate objective, verifiable TPC performance data to the industry.". Used by Intel, AMD, Oracle, MS SQL Server, etc.'
- SQLMag.com
- SQLQuiz.com. Generates quizzes with 15 random questions (from around 500) on basic SQL. Geared for people fairly new to SQL. Very clean and simple. Could be used for learning or very basic SQL screening. I'm surprised that there are no ads!
- SQLServerCentral.com. 'the largest Microsoft SQL Server community on the web with 230,636 registered members! SQLServerCentral.com offers you thousands of SQL Server articles, FAQs, scripts, and forums to help your professional development as a DBA, developer or user of SQL Server.'
- SQLTeam.com.
- SQL-tutorial.com. Free simple SQL tutorial.
2008-06-09 15:32:10Z