Share This :)

SQL INJECTIONS So What it is??
An attack technique used to exploit web sites by altering backend SQL statements through manipulating application input
Description copied from: http://www.webappsec.org/glossary.html#SQLInjection

SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly filter out dangerous characters. This can allow an attacker to not only steal data from your database, but also modify and delete it. Certain SQL Servers such as Microsoft SQL Server contain Stored and Extended Procedures (database server functions). If an attacker can obtain access to these Procedures it may be possible to compromise the entire machine. Attackers commonly insert single qoutes into a URL’s query string, or into a forms input field to test for SQL Injection. If an attacker receives an error message like the one below there is a good chance that the application is vulnerable to SQL Injection.

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14′
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the
keyword ‘or’.
/wasc.asp, line 69

Share This :)

At last Management agreed to buy a new G5 Series at office. Order placed and HP local dealer delivered it within 24 Hrs!.

Original Article

Overview

The flagship HP ProLiant ML370 G5 provides industry-leading management, performance and availability in a dual processor expansion server engineered to excel in a variety of environments from corporate work groups in growing businesses to critical remote sites requiring continuous accessibility and uptime.

What’s new

Introducing the HP ProLiant ML370 G5. Now available with the latest Quad-Core Intel® Xeon® 5400 Series processor. Customers can configure up to 64GB of memory which is ideal for virtualization and 16 drives. Performance models are also available for convenient fully loaded configurations.

Image:

Performance

Quad-Core Intel Xeon 5400 series processors with 12MB Level 2 cache (2 x 6MB) and 1333MHz front-side bus for blazing performance

Six (6) PCI-Express + Two (2) PCI-X Non-hot plug I/O

Maximum 16 Fully Buffered DIMMs of 4:1 interleaved PC2-5300 667MHz DDR2 memory with Advanced ECC capabilities including Online Spare and Mirrored Memory (8 FB DIMMs per memory card; up to 2 supported); Maximum memory: 64GB

Plenty of room for expansion with support for up to 16 drives with optional 2nd 8-bay cage

Management

HP Integrated Lights-Out 2 (iLO2) industry leading remote management with high performance KVM support over IP and shared network access

Systems Insight Display for quick and easy server diagnostics (front drop-down panel)

SmartStart 7.5

HP Power Regulator for Intel Xeon processors

Design and Connectivity

Class B acoustics (decreased from Class C)

Removable media bay security panel in addition to secured access to hot plug hard drives

2 open half-height media bays for diskette drives and tape backup which can rotate for easy tower rack conversion

2 front USB ports (front VGA on rack models)

Options

Supports up to 16 drives with optional 2nd 8-bay cage

Hot plug fans and power with optional redundancy

•	Support for half and full height tape

•	High Performance models with 2nd processor, SCSI controller, extra memory, redundant fans and power supplies

Ideal environment

A variety of environments from corporate work groups to critical remote sites

•	Scalable system ideal for Virtualization Environments

•	Engineered to optimize system performance and ease of serviceability

•	Large internal storage capacity for everything from web apps to databases

•	24/7 accessibility using Integrated Lights Out with either shared or dedicated network access to remote sites

Growing businesses with expandability requirements

•	Mixture of PCI-X and PCI-Express I/O slots allow users to choose the expansion card technology

•	8-bay standard drive cage provides up to 1.168TB of storage (8 x 146GB) and the 8-bay optional drive cage can add more than 1.168 of extra data space (8 x 146GB)

•	Plenty of space for internal tape backup

Critical remote sites

•	Manage seamlessly from anywhere, anytime with Integrated Lights Out 2 and HP Systems Insight Manager

•	Monitor and maintain all your ProLiant servers with HP Systems Insight Manager

•	Enterprise-class redundancy features provide best in class availability and uptime for critical applications

Share This :)

• 1. Q. What does SQL stand for?
  A. Structured Query Language
• 2. Q. How do you select all records from the table?
  A. Select * from table_name;
• 3. Q. What is a join?
  A. Join is a process of retrieve pieces of data from different sets (tables) and returns them to the user or program as one “joined” collection of data.
• 4. Q. What kinds of joins do you know? Give examples.
  A. We have self join, outer joint (LEFT, RIGHT), , cross-join ( Cartesian product n*m rows returned)

Exp:
outer joint
SELECT Employee.Name, Department. DeptName
FROM Employee, Department
WHERE Employee.Employee_ID = Department.Employee_ID;

cross-join
SELECT * FROM table1, table2;

self join
SELECT e1.name | |’ ‘ | | e2.ename FROM emp e1, emp e2 WHERE e1. emp_no = e2.emp_no;

The following summarizes the result of the join operations:

The result of T1 INNER JOIN T2 consists of their paired rows where the join-condition is true.
# # The result of T1 LEFT OUTER JOIN T2 consists of their paired rows where the join-condition is true and, for each unpaired row of T1, the concatenation of that row with the null row of T2. All columns derived from T2 allow null values.

# The result of T1 RIGHT OUTER JOIN T2 consists of their paired rows where the join-condition is true and, for each unpaired row of T2, the concatenation of that row with the null row of T1. All columns derived from T1 allow null values.

# The result of T1 FULL OUTER JOIN T2 consists of their paired rows and, for each unpaired row of T2, the concatenation of that row with the null row of T1 and, for each unpaired row of T1, the concatenation of that row with the null row of T2. All columns derived from T1 and T2 allow null values.

• 5. Q. How do you add record to a table?
  A. INSERT into table_name VALUES (‘ALEX’ , 33 , ‘M’);
• 6. Q. How do you add a column to a table?
  A. ALTER TABLE Department ADD (AGE, NUMBER);
• 7. Q. How do you change value of the field?
  A. UPDATE EMP_table set number = 200 where item_munber = ‘CD’; update name_table set status = ‘enable’ where phone = ‘4161112222′; update SERVICE_table set REQUEST_DATE = to_date (’2006-03-04 09:29′, ‘yyyy-mm-dd hh24:MI’) where phone = ‘4161112222′;
• 8. Q. What does COMMIT do?
  A. Saving all changes made by DML statements
• 9. Q. What is a primary key?
  A. The column (columns) that has completely unique data throughout the table is known as the primary key field.
• 10. Q. What are foreign keys?
  A. Foreign key field – is a field that links one table to another table’s primary or foreign key.
• 11. Q. What is the main role of a primary key in a table?
  A. The main role of a primary key in a data table is to maintain the internal integrity of a data table.
• 12. Q. Can a table have more than one foreign key defined?
  A. A table can have any number of foreign keys defined. It can have only one primary key defined.
• 13. Q. List all the possible values that can be stored in a BOOLEAN data field.
  A. There are only two values that can be stored in a BOOLEAN data field: -1(true) and 0(false).
• 14 Q. What is the highest value that can be stored in a BYTE data field?
  A. The highest value that can be stored in a BYTE field is 255. or from -128 to 127. Byte is a set of Bits that represent a single character. Usually there are 8 Bits in a Byte, sometimes more, depending on how the measurement is being made. Each Char requires one byte of memory and can have a value from 0 to 255 (or 0 to 11111111 in binary).
• 15. Q. How many places to the right of the decimal can be stored in a CURRENCY data field?
  A. The CURRENCY data type can store up to four places to the right of the decimal. Any data beyond the fourth place will be truncated by Visual Basic without reporting an error.
• 16. Q. What is a stored procedure?
  A. A procedure is a group of PL/SQL statements that can be called by a name. Procedures do not return values they perform tasks.
• 17. Q. Describe how NULLs work in SQL?
  A. The NULL is how SQL handles missing values. Arifthmetic operation with NULL in SQL will return a NULL.
• 18. Q. What is Normalization?
  A. The process of table design is called normalization.
• 19. Q. What is referential integrity constraints?
  A. Referential integrity constraints are rules that are partnof the table in a database schema.
• 20. Q. What is Trigger?
  A1. Trigger will execute a block of procedural code against the database when a table event occurs.
  A2. A trigger defines a set of actions that are performed in response to an insert, update, or delete operation on a specified table. When such an SQL operation is executed, in this case the trigger has been activated.
• 21. Q. Which of the following WHERE clauses will return only rows that have a NULL in the PerDiemExpenses column?
  A. WHERE PerDiemExpenses B. WHERE PerDiemExpenses IS NULL C. WHERE PerDiemExpenses = NULL D. WHERE PerDiemExpenses NOT IN (*) A. B is correct � When searching for a NULL value in a column, you must use the keyword IS. No quotes are required around the keyword NULL.
• 22. Q. You issue the following query:SELECT FirstName FROM StaffListWHERE FirstName LIKE’_A%’Which names would be returned by this query? Choose all that apply.
  A. Allen B. CLARK C. JACKSON D. David A. C is correct � Two wildcards are used with the LIKE operator. The underscore (_) stands for any one character of any case, and the percent sign (%) stands for any number of characters of any case including none. Because this string starts with an underscore rather than a percent sign, it won’t return Allen or Clark because they represent zero and two characters before the “A”. If the LIKE string had been “%A%”, both of these values would have been returned. David was not returned because all non-wild card characters are case sensitive. Therefore, only strings with an uppercase “A” as their second letter are returned
• 23. Q. Write a SQL SELECT query that only returns each city only once from Students table? Do you need to order this list with an ORDER BY clause?
  A. SELECT DISTINCT City FROM Students; The Distinct keyword automatically sorts all data in ascending order. However, if you want the data sorted in descending order, you have to use an ORDER BY clause
• 24. Q. Write a SQL SELECT sample of the concatenation operator.
  A. SELECT LastName ||’,’ || FirstName, City FROM Students;
• 25. Q. How to rename column in the SQL SELECT query?
  A. SELECT LastName ||’,’ || FirstName AS “Student Name”, City AS “Home City” “FROM StudentsORDER BY “Student Name”
• 26. Q. Write SQL SELECT example how you limiting the rows returned with a WHERE clause.
  A. SELECT InstructorID, Salary FROM Instructors WHERE Salary > 5400 AND Salary < 6600;
• 27. Q. Write SQL SELECT query that returns the first and last name of each instructor, the Salary, and gives each of them a number.
  A. SELECT FirstName, LastName, Salary, ROWNUM FROM Instructors;
• 28. Q. Which of the following functions can be used only with numeric values? (Choose all that apply.)
  A. AVG B. MIN C. LENGTH D. SUM E. ROUND A. A and D � Only A and D are correct. The MIN function works with any character, numeric, or date datatype. The LENGTH function is a character function that returns the number of letters in a character value. The ROUND function works with both numeric and date values.
• 29. Q. Which function do you use to remove all padded characters to the right of a character value in a column with a char datatype?
  A. RTRIM B. RPAD C. TRIM A. C � The TRIM function is used to remove padded spaces. LTRIM and RTRIM functions were included in earlier versions of Oracle, but Oracle 8i has replaced them with a single TRIM function
• 30. Q. Which statement do you use to eliminate padded spaces between the month and day values in a function TO_CHAR(SYSDATE,’Month, DD, YYYY’) ?
  A. To remove padded spaces, you use the “fm” prefix before the date element that contains the spaces. TO_CHAR(SYSDATE,’fmMonth DD, YYYY’)
• 31. Q. Is the WHERE clause must appear always before the GROUP BY clause in SQL SELECT ?
  A. Yes. The proper order for SQL SELECT clauses is: SELECT, FROM, WHERE, GROUP BY, HAVING, ORDER BY. Only the SELECT and FROM clause are mandatory.
• 32. Q. How Oracle executes a statement with nested subqueries?
  A. When Oracle executes a statement with nested subqueries, it always executes the innermost query first. This query passes its results to the next query and so on until it reaches the outermost query. It is the outermost query that returns a result set.
• 33. Q. Which operator do you use to return all of the rows from one query except rows are returned in a second query?
  A. You use the MINUS operator to return all rows from one query except where duplicate rows are found in a second query. The UNION operator returns all rows from both queries minus duplicates. The UNION ALL operator returns all rows from both queries including duplicates. The INTERSECT operator returns only those rows that exist in both queries.
• 34. Q. How you will create a column alias? (Oracle 8i)
  A. The AS keyword is optional when specifying a column alias. You must enclose the column alias in double quotes when the alias contains a space or lowercase letters. If you specify an alias in l owercase letters without double quotes, the alias will appear in uppercase.
• 35 Q. Which of the following statements are Data Manipulation Language commands?
  A. INSERT B. UPDATE C. GRANT D. TRUNCATE E. CREATE A. A and B � The INSERT and UPDATE statements are Data Manipulation Language (DML) commands. GRANT is a Data Control Language (DCL) command. TRUNCATE and CREATE are Data Definition Language (DDL) commands
• 36. Question. What is Oracle locking?
  A. Oracle uses locking mechanisms to protect data from being destroyed by concurrent transactions.
• 37. Question. What Oracle lock modes do you know?
  A. Oracle has two lock modes: shared or exclusive. Shared locks are set on database resources so that many transactions can access the resource. Exclusive locks are set on resources that ensure one transaction has exclusive access to the database resource
• 38. Question. What is query optimization?
  A. Query optimization is the part of the query process in which the database system compares different query strategies and chooses the one with the least expected cost
• 39. Question. What are the main components of Database management systems software.
  A. The database management system software includes components for storage management, concurrency control, transaction processing, database manipulation interface, database definition interface, and database control interface.
• 40. Question. What are the main attributes of database management system?
  A. A database management system is composed of five elements: computer hardware, software, data, people (users), and operations procedures.
• 41. Question. What is transaction?
  A. A transaction is a collection of applications code and database manipulation code bound into an indivisible unit of execution. it consists from: BEGIN-TRANSACTION Name Code END TRANSACTION Name

==END==

Share This :)

How to check which SQL Version is Running?

SELECT ‘SQL Server ‘
+ CAST(SERVERPROPERTY(’productversion’) AS VARCHAR) + ‘ – ‘
+ CAST(SERVERPROPERTY(’productlevel’) AS VARCHAR) + ‘ (’
+ CAST(SERVERPROPERTY(’edition’) AS VARCHAR) + ‘)’

SQL server Date and Time Format

SELECT CONVERT(CHAR(8), GETDATE(), 112)

and

SELECT CONVERT(VARCHAR, GETDATE(), ‘YYYYMMDD’)

Share This :)

What is that???

Log shipping is the process of automating the backup of database and transaction log files on a production SQL server, and then restoring them onto a standby server. But this is not all. The key feature of log shipping is that is will automatically backup transaction logs throughout the day (for whatever interval you specify) and automatically restore them on the standby server. This in effect keeps the two SQL Servers in “synch”. Should the production server fail, all you have to do is point the users to the new server, and you are all set. Well, its not really that easy, but it comes close if you put enough effort into your log shipping setup.

What Are The Benefits???

• Log shipping doesn’t require expensive hardware or software. While it is great if your standby server is similar in capacity to your production server, it is not a requirement. In addition, you can use the standby server for other tasks, helping to justify the cost of the standby server. Just keep in mind that if you do need to fail over, that this server will have to handle not one, but two loads. I like to make my standby server a development server. This way, I keep my developers off the production server, but don’t put too much work load on the standby server.

• Once log shipping has been implemented, it is relatively easy to maintain.

• Assuming you have implemented log shipping correctly, it is very reliable.

• The manual failover process is generally very short, typically 15 minutes or less.

• Depending on how you have designed your log shipping process, very little, if any, data is lost should you have to failover. The amount of data loss, if any, is also dependent on why your production server failed.

• Implementing log shipping is not technically difficult. Almost any DBA with several months or more of SQL Server 7 experience can successfully implement it.