SQL Server ::
Articles regarding SQL ServerMicrosoft delivers MySQL-to-SQL database migration tool
Posted on :: Aug 13
What are and How to Use Stored Procedures
Posted on :: Jun 8
In this Tutorial/Article (and it is a rather long one, I explore what a Stored Procedure is and how to use them to speed up your Application and Application Development.
What's the difference between an inner join and an outer join?
Posted on :: Jun 8
When you wish to get data from two related tables, you can use an inner join or an outer join to define how the data is related, with the use of Inner and Outer Joins and exploring and explaining the differences.
Optimizing and Backing-up a MySQL Database in Coldfusion
Posted on :: Oct 15
If you're working on databases and want to either Optimize of Backup your Database, you should automatically optize all the list of tables and then back it up.
Using Coldfusion to Import CSV Files
Posted on :: Jul 29
Using Coldfusion to Import data into mySQL
Many times we need a quick and easy way of importing data into our website databases. The CSV file format is one of the defacto standards for moving data between databases easily. Virtually all databases allow exported to CSV format. And virtually all database support importing a CSV formatted file. So why use Coldfusion to do this mundane task? Simply put it is database independant - in this example I created a simple script that reads a CSV file and inserts the records into a matched mySQL table. When I first started looking at this I was surprised that I could find very little of how to achieve this. So now that I have it worked out I thought I could share this little piece...
Lets set the stage:
Spectral Core, great product, even better Service!
Posted on :: Jun 17
For a While now, I've been contemplating and evaluating a plethora of Database Conversion Scripts, ranging from ESF Database Express to Spectral Core Full Convert Enterprise and everything inbetween.
Of all the products I tried, Spectral Core was indeed the best one I had used. After Exiting my Trial Version, there's a nice little comments form asking for your feedback. Well I filled out, stating tha tI had no problems with the product, and that I'd buy it, just that it was too Expensive (I just didn't have the $300 for it...but I did have a small budget to work with) for me to Purchase.
Well, within 10-20 minutes later I have this email in my mailbox from them, asking me what price range would I be suitable with to purchase the system, I nearly insulted him with the Price I had recommended to him (I later discovered that the Person with whom I was commnicating with was the owner), however I have to say that he did indeed agree with me that the price that I was quoting (which was the MAXIMUM of MY Budget for said software type) was indeed somewhat disagreeable.
Well, an email later I was offered a substanital discount (nevertheless still out of my budget).
All things aside, we worked out an arrangement for a suitable and agreeable price, and the owner of the Company has been very very responsive to my emails.
Now, onto the product itself...
Preventing SQL Injection in .NET
Posted on :: Jun 12
Over the past few weeks there have been reports and commentary about SQL injection attacks being launched against both classic ASP and ASP.NET sites.
Included in this post are VB.NET and C# samples that can be used to screen incoming query-string, form and cookie values for potential Sql injection values. However because valid input data varies from website to website, it is not possible to write a one-size-fits-all screening mechanism. You can modify the sample code included in this post to tighten or loosen the character sequences as appropriate for your website.
Also as a reminder, if a website makes heavy use of dynamically constructed Sql (as opposed to parameterized Sql or parameterized stored procedures) it is a best practice to escape all single quotes contained in un-trusted web input. Since it is not possible to make this replacement using the HttpModule/BeginRequest approaches shown below, you can instead scrub a website's code and perform the escaping in all places where dynamic Sql is being built.
Update one table from another using a join
Posted on :: Jun 2
SQL: Data Types
Posted on :: Apr 29
This is probably a little late in the coming, however I've included the following which is a list of general SQL datatypes that may not be supported by all relational databases. I know however that MySQL and SQL Server support these datatypes.
Upgrading SQLExpress to Standard or Enterprise
Posted on :: Apr 24
Microsoft so very graciously provides a free version of SQL 2005, SQL Express, with MOSS. If you install MOSS using the Basic option or Single Server under Advanced you get SQL Express automatically. So what if as a budding newbie SharePoint admin you chose the Basic option, but now as a wise aged SharePoint admin you've seen the error of your ways and want to use a more respectable version of SQL for your SharePoint backend? You're in luck. In this blog post I'll walk you through upgrading SQL Express to SQL Standard or Enterprise.
Configuring Your Home Computer to Run Apache Server, PHP, MySQL, ColdFusion, and IIS
Posted on :: Apr 2
This tutorial for installing WAMP Server (Apache, PHP, MySQL, and phpMyAdmin)
was written for the students in the Web Page Design program at the Contra Costa
ROP. This tutorial will cover basic server installation for web development
testing purposes on your home computer. This tutorial will not cover all of the
necessary security settings used to create a public web server.Understanding and Using CFCs (with OOP and database interaction)
Posted on :: Mar 31
First off, this is a rather long and detailed tutorial. In this tutorial we will go over the basics of creating CFCs. This tutorial was created mostly in part because it seemed to me there was a very limited number of articles and tutorials addressing the subject of practacle CFC development.
I will be using a number of terms in this tutorial that are common in the world of Object Oriented Programming (or OOP). Even though CFCs do not share all aspects of objects in true OOP languages, we can benefit by using those aspects that are available.
Using ColdFusion's CFDBInfo to Dynamically Output Database Columns and Tables
Posted on :: Mar 23
The ColdFusion tag CFDBInfo was introduced in ColdFusion 8. I finally got around to playing with it and thought someone other than me might find this useful. I was thinking of using it for creating a dynamic SQL dump for some of my projects I'm currently writting, and thought I should share it with the world.
There are a ton of uses for this excellent CF Tag, and I've included a few samples below.
When will cfqueryparam NOT protect me?
Posted on :: Mar 23
Guess what, Using CFPARAM in your ColdFusion code, may not always save you from SQL Injection.
"How?", you may ask. Let me give you an example of an SQL injection attack that's not caught by cfqueryparam.
SQL injection can occur any time cautions are not taken to completely separate your SQL code from its parameters and the parameters being passed in are allowed to flow into the SQL statement itself. SQL injection can also occur when building the SQL statement's table and column names dynamically.SQL Server 2008 RC0 Express on Vista
Posted on :: Nov 17
I wanted to get Express installed on my machine and so I downloaded the RC0 (of Express with Advanced Services) and ran it.
BTW there is is this Akamai download manager behind all of the RC0 downloads which you have to allow to run to get the download to start. If all is well you should have this download client running (and let me know if this is giving you grief):
SQL Server 2005 on Windows Vista
Posted on :: Nov 17
I've seen this issue pop up a few times so I thought I'd share a few quick tips / tricks to getting SQL Server 2005 to work on Vista.
If you see an error saying "Microsoft Internet Information Services (IIS) is either not installed or is disabled.", but you're sure you did in fact install IIS7, you are not alone. There are several required IIS components for SQL Server to install properly on Vista and if you don't have the complete set you will see this error.
Preventing SQL Injection
Posted on :: Nov 17
Most web applications interact with a database, and the data stored therein frequently originates from remote sources. Thus, when creating an SQL statement, you often use input in its construction. A typical SQL injection attack exploits this scenario by attempting to send fragments of valid SQL queries as unexpected values of GET and POST data. This is why an SQL injection vulnerability is often the fault of poor filtering and escaping, and this fact cannot be stressed enough.
I'm going to explains SQL injection by looking at a few example attacks and then introducing some simple and effective safeguards. By applying best practices, you can practically eliminate SQL injection from your list of security concerns.
Preventing SQL Injection in PHP & Coldfusion
10 reasons why SQL Server 2008 could rock
Posted on :: Nov 6
Just like its predecessor, SQL Server 2008 is taking its sweet time to actually ship. However, unlike its predecessor, it won't just be a "worthwhile upgrade". It will kick ass. I've already downloaded the SQL SErver 2008 RC0, and it will indeed kicked ass.
Here are the top 10 reasons why.
MySQL or SQL Server?
Posted on :: Nov 6
Look beyond politics and hype when deciding which to use.
Takeaway: MySQL may be free, but what if money isn't the only determining factor? Find out how these two database heavyweights stack up against each other and how to decide which one to use as your database system.
Two of the most popular back-end data stores Web developers work with today are MySQL and SQL Server. They are fundamentally similar in that both are data storage and retrieval systems. You can use SQL to retrieve data with either because both claim support for ANSI-SQL. Both database systems support primary keys and key indices, so you can also create indices used simply to speed up queries and for constraining input. Further, both provide some form of XML support.
Aside from the obvious difference of price, what distinguishes these two products from each other, and how do you choose between them? Let's take a look at the core differences between these two products, including licensing costs, performance, and security.