Skip to content

Instantly share code, notes, and snippets.

Bert Wagner bertwagner

Block or report user

Report or block bertwagner

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@bertwagner
bertwagner / RSSFeeds.opml
Created Jul 15, 2019
The OPML file of all of the SQL Server (and some other) RSS feeds I subscribe to as of 2019-07-01.
View RSSFeeds.opml
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>Bert's mostly SQL subscriptions in feedly Cloud</title>
</head>
<body>
<outline text="Marketing" title="Marketing">
<outline type="rss" text="Signal v. Noise" title="Signal v. Noise" xmlUrl="https://signalvnoise.com/posts.rss" htmlUrl="https://m.signalvnoise.com"/>
<outline type="rss" text="Austin Kleon" title="Austin Kleon" xmlUrl="http://feeds2.feedburner.com/AustinKleon" htmlUrl="https://austinkleon.com"/>
View CascadingDropdown-Years.js
[{
"Label": "2015",
"Value": "2015"
}, {
"Label": "2016",
"Value": "2016"
}, {
"Label": "2017",
"Value": "2017"
}]
View YellowstoneParkBoundary.geojson
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View Earthquakes.geojson
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View dbo.sp_GetFullNameFromTableSanitized.sql
CREATE PROCEDURE dbo.sp_GetFullNameFromTableSanitized
@ParmTableName varchar(100),
@ParmUserName varchar(100)
AS
BEGIN
DECLARE @FullQuery nvarchar(1000)
SET @FullQuery = N'SELECT FullName FROM dbo.' + QUOTENAME(@ParmTableName) + ' WHERE UserName = @UserName'
DECLARE @ParmDefinition nvarchar(100) = N'@UserName varchar(100)';
View sp_GetFullNameFromTable.sql
CREATE PROCEDURE dbo.sp_GetFullNameFromTable
@ParmTableName varchar(100),
@ParmUserName varchar(100)
AS
BEGIN
DECLARE @FullQuery nvarchar(1000)
SET @FullQuery = N'SELECT FullName FROM dbo.@TableName WHERE UserName = @UserName'
DECLARE @ParmDefinition nvarchar(100) = N'@TableName varchar(100), @UserName varchar(100)';
View Check for possible SQL injection.sql
-- This file tries to find stored procedures and functions that *may* be vulnerable to SQL injection attacks.
-- It works by searching your database for occurences of "+" signs followed by "@", indicating that SQL parameters
-- might be getting concatenated to a dynamic SQL string. It also checks for the existence of 'EXEC' to see if any
-- strings are being executed.
-- Not every result returned will be susceptible to SQL injection, however they should all be examined to see if they are vulnerable.
-- Originally fromn: https://github.com/bertwagner/SQLServer/blob/master/SQL%20Injection%20Vulnerabilities.sql
View dbo.sp_GetFullNameSafe2.sql
CREATE PROCEDURE dbo.sp_GetFullNameSafe2
@ParmUserName varchar(100)
AS
BEGIN
DECLARE @FullQuery nvarchar(1000)
SET @FullQuery = N'SELECT FullName FROM dbo.RegisteredUser WHERE UserName = @UserName'
DECLARE @ParmDefinition nvarchar(100) = N'@UserName varchar(100)';
EXEC sp_executesql @FullQuery, @ParmDefinition,
View dbo.sp_GetFullNameSafe.sql
CREATE PROCEDURE dbo.sp_GetFullNameSafe
@ParmUserName varchar(100)
AS
BEGIN
SELECT FullName FROM dbo.RegisteredUser WHERE UserName = @ParmUserName
END
You can’t perform that action at this time.