where benefit not in (
'Preventing update anomalies',
'Ensuring uniqueness of rows',
'Supporting (unknown) ad-hoc SQL queries',
'Allowing extensions to the data model',
'Representing entity relations',
'Improving consistency by avoiding redundancy'
no rows selected
While I tried to deflect how you perform SQL Injection attacks against a MySQL procedure, my students requested that I post examples of what to do to avoid SQL injection, and what not to do to invite attacks. The best practice to avoid SQL injection attacks is to always bind inputs to data types, and avoid providing completely dynamic
Here’s the correct way to dynamically generate a result from a MySQL Stored Procedure:
process_response_time number := 10;
It's far too easy to get stuck in a loop incrementally improving SQL runtimes when there's no defined SLA to hit.
In my experience these aren't no
The first quarter of 2013 is now history. And that means....it's time for the next championship competition! It also means that we are fast approaching the 3rd anniversary of the PL/SQL Challenge, but I'll talk more about that in the next newsletter.
The following players will be invited to participate in the Q1 2013 championship. The number in parentheses after their names is the number of playoffs in which they have already participated.
See the FAQ for an explanation of the three ways a player can qualify for the playoff.
insert into twitter_accounts (
) values (
I've finally decided to join this new-fangled twitter thing people keep talking about.
If you'd like to get in touch, just drop me a tweet.
select posts from sqlfail
Sometimes interesting problems lead to shock or dismay at the suppositions of why they occur. Why an
ORA-22979 is raised is one of those, and the error is typically:
select 'Enjoy your ' ||
substr(tzname, instr(tzname, '/')+1) ||
' ' || substr(text, 8, 3) || 's!'
as "Season's Greetings"
from v$timezone_names, all_source
where tzabbrev = 'EASST'
and tzname like
If you are using SQL*Plus, you are likely to use the input parameters. And if you omit one of them, SQL*Plus will show a prompt for it, like this: