Skip to main content

LEN(NULL) != 0

Its pretty often that I run across SQL code that supposed to handle empty or null varchar values. But a lot of the time it doesn’t. And usually its because a developer has made the false assumption that null has a length of 0. It doesn’t. LEN(NULL) IS NULL. LEN(NULL) does not = anything. LEN(NULL) […]

How Common Are SQL Injection Vulnerabilities?

Michael Sutton has run a test to see how many websites have SQL injection issues and finds that 11% of the websites he tests are potentially vulnerable. The article is well written in that he discusses the methods used to select urls for testing, the change he uses to attempt a non-destructive SQL injection, and […]

When MONEY is not enough

SQL Server’s MONEY data type is where you should be looking first if you are storing something like prices and order totals. But what about pesky GST and VAT values? These sometimes need to extend out to 6, 8 or even more decimal places in order to calculate the correct tax inclusive price. Along comes […]

Changing a Database File Logical Name

Applies to: SQL Server 2000, SQL Server 2005 (Yukon) It’s pretty often I see the need for a database to be renames. Sometimes its because a developer has given their database a very generic name, or sometimes becuase the use of the database has shifted. Renaming a database is a pretty easy task (make sure […]

Column Confusion

– Don’t start column names with FK_ – Always name a FK column the same as the PK I happened to glance a database model today that had a column naming scheme that scared me: column names that started with FK_. I’m pretty sure the designer was intending to show that the column was actually […]