To ensure that future email messages you receive from SQL Server Magazine UPDATE aren't mistakenly blocked by antispam software, be sure to add SQLServerMag_UPDATE@list.windowsitpro.com to your list of allowed senders and contacts.
To receive SQL Server Magazine UPDATE in HTML format in the near future, click here http://list.windowsitpro.com/cgi-bin3/DM/y/ehrI0McMHC0Kj40BMGA0AMfirstname.lastname@example.org
This email newsletter comes to you free and is supported by the following advertisers, who offer products and services that might interest you. Please take a moment to visit these advertisers' Web sites and show your support for SQL Server Magazine UPDATE.
This Issue Sponsored By
XPrime Database Accelerator for SQL Server
Free SQL Server 2000 Training!
ALERT: Hackers Launching SQL Injection Attacks!
October 14, 2004
In September, we converted our email newsletters to HTML based on feedback that led us to believe most readers favored HTML format over text. Wow, did you respond to the change, with hundreds of you letting us know you want your text newsletters back!
So, effective Monday, October 11, we are moving our email newsletters back to text format. We also heard that many of you like HTML, and we've included a link (above) for anyone who wants to sign up for the HTML format, which we'll offer in addition to text when demand for this format has grown.
It's wonderful to see how much you care about the information you receive from SQL Server Magazine UPDATE, and we appreciate you taking time out of your busy day to tell us how you want your email newsletters delivered. Keep the feedback coming—we're listening!
Editor, SQL Server Magazine
Sponsor: XPrime Database Accelerator for SQL Server
Improve SQL Server performance by 500%! Learn how to Scale-Out SQL Server to 512 Xeons and 2TB RAM.
by Brian Moran, email@example.com
I talked with Microsoft's David Campbell at the Professional Association for SQL Server (PASS) Summit a couple of weeks ago about SQL Server's evolution from SQL Server 6.5 to SQL Server 2000 and the upcoming release of SQL Server 2005—and beyond.
Campbell—general manager for the SQL Server relational engine, replication, mobile, data access, and XML teams—noted that SQL Server 7.0 was "all about technology" and making a major investment in SQL Server's underpinnings. SQL Server 7.0 was an entirely different database than SQL Server 6.5. Many people noticed SQL Server 7.0's new "face"—its user-friendly GUI and management tools. But SQL Server 7.0 also had a new "heart"—a new relational engine, a new query processor, and a new database architecture built fresh from the ground up.
SQL Server 2000 was Microsoft's "refinement" of the investments it made in SQL Server 7.0, Campbell said. And the work the SQL Server team is doing for SQL Server 2005 is more customer focused, with an emphasis on providing services around data.
Campbell said he shares his team's belief in eliminating as many knobs as possible on SQL Server's tuning and administration side. SQL Server 2000 and 7.0 have a "less is more" philosophy, with SQL Server becoming the first major relational database management system (RDBMS) to try to automate as many operations and optimizations as possible. Although some traditional DBAs weren't fond of this approach and several leading database vendors criticized the efforts, Campbell pointed out that auto-tuning features are large selling points in Oracle and IBM DB2's recent releases—even though Oracle in particular downplayed the importance of auto-tuning features when SQL Server 7.0 was first released.
I asked Campbell what he thinks are some of the most significant new features in SQL Server 2005—besides the Common Language Runtime (CLR) integration. Campbell first noted support for range-partitioning and online backup and restore of individual partitions, features that will bring incredible SQL Server scalability improvements in the very large database (VLDB) space. Today, most people don't doubt SQL Server's ability to host 500GB databases, but they might start to wonder about how it works with 10TB-20TB databases. And Campbell says these scalability enhancements will let you break huge SQL Server databases into smaller, more manageable chunks.
With SQL Server 2005 still months away from general release, it might seem odd to think about the SQL Server version after SQL Server 2005. But Campbell and I spent considerable time talking about innovative ideas for improving data access. Campbell said that call-level interfaces and APIs can create static environments that don't allow flexible and native interaction between an application and the database. From a programmer perspective, the good old days of embedded SQL provided a more natural and integrated level of interaction with the database, he noted. Although embedded SQL had its drawbacks, Campbell says Microsoft is working on SQL language improvements that will make the blending of T-SQL and .NET programming much more natural. Such improvements, resulting in something I think of as TSQL.NET (although Campbell didn't use that name), ultimately would let us write CLR procedures that blend the best of procedural languages with the best of a set-based language without needing to go through ADO.NET. Campbell made it clear that these language enhancements are post-SQL Server 2005, so don't get too excited yet. But it's fun to dream!
Free SQL Server 2000 Training!
Become a more efficient, effective developer with AppDev's award-winning self-study SQL Server training! See AppDev quality for yourself—download 3 hours of training immediately or request a CD-ROM by mail (each a $95 value) FREE! Click the link below for your FREE SQL 2000 Training!
Here are the results from the 113 votes (deviations from 100 percent are due to a rounding error):
Go to the SQL Server Magazine home page ( http://www.sqlmag.com ) and submit your vote for
Special October Offer for SQL Server Magazine
Order SQL Server Magazine today and get the latest SQL Server 2000 System Table Map Poster free! In addition, act now and save 30% off the cover price and get free, online access to every SQL Server Magazine article ever written—that's more than 5 years of content, tips, and how-to instructions. Limited time offer, so subscribe now:
SQLMag.com Has Answers!
Visit the SQL Server Magazine Web site and access endless SQL Server content that includes thousands of tips, solutions, news, guidance, and how-to articles. Reference lists of active forums, hot-topic discussions, keyword searches, free Web seminars, FAQs, and much more. The site also features a Web-exclusive column by Itzik Ben-Gan. Click here:
Do You Have What It Takes to Compete in the IT Prolympics?
Compete in the first-ever IT Prolympics to test your Active Directory knowledge against your peers. You could win recognition and great prizes. The IT Prolympian grand prize is an expense-paid trip to TechEd 2005. Enter the competition at
Peer to Peer
Check out these hot threads, and see other discussions in our 30 SQL Server forums.
by Umachandar Jayachandran, firstname.lastname@example.org
Congratulations to Anatole V. Farci, a senior software engineer in Portland, Oregon, and Joshua Grant, a database developer for WestJet in Calgary, Alberta, Canada. Anatole won first prize of $100 for the best solution to the October Reader Challenge, "Optimizing a Stored Procedure." Joshua won second prize of $50. You can read a recap of the problem and the solution to the October Reader Challenge at
Now, test your SQL Server savvy in the November Reader Challenge, "Preventing Deletes" (below). Submit your solution in an email message to email@example.com by October 21. Umachandar Jayachandran, a SQL Server Magazine technical editor, will evaluate the responses. We'll announce the winner in an upcoming SQL Server Magazine UPDATE. The first-place winner will receive $100, and the second-place winner will receive $50.
Here's the challenge: Hank, a database programmer, designs and maintains the human resources department's SQL Server 2000 database. Hank wants to prevent deletions from specific audit tables that contain sensitive data. He's already denied DELETE permissions on the tables to all users. What else can Hank do to prevent accidental deletions from the tables? The solution must prevent DELETE statements from removing rows from the tables. Assume that the database contains a table called EmployeesArchive that's similar to the Employees table in the Northwind database. The following script contains the audit table the problem requires.
SELECT * INTO EmployeesArchive FROM Employees
It's as simple as placing additional SQL commands into a Web Form input box, giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics.
by Brian Moran, firstname.lastname@example.org
Q. I know how to use Enterprise Manager to move a table to a different filegroup. But I want to automate the process by using T-SQL to move a table—not just its indexes—to a different filegroup. How do I do this? Read the answer today at
A T-SQL query can use any of three clauses—ON, WHERE, and HAVING-for specifying logical expressions that SQL Server uses as filters. The three filters play different roles, but sometimes it can be difficult to know which clause you should specify a logical expression in. Most T-SQL programmers know when to specify a logical expression in the HAVING clause because SQL Server applies the HAVING clause after grouping the input data. But confusion around when to use the ON and WHERE clauses leads to some of the most frequently asked questions in the public SQL Server programming newsgroup. In his October T-SQL Black Belt column, "Understanding Query Filters and Clauses," Itzik Ben-Gan clarifies this perplexing subject. Read this article today at
Learn from SQL Server Magazine experts at Europe's premiere SQL Server event—Brussels SQL Server Day on October 26. Join Microsoft and SQL Server Magazine for a free, full-day event that gives SQL Server users the tools they need to unleash the power of SQL Server 2000, deploy SQL Server Express, and get ready for SQL Server 2005. Register now!
See the complete Windows IT Pro Network guide to Web and live events
New & Improved
by Dawn Cyr, email@example.com
Embarcadero Technologies announced DBArtisan Workbench 8.0, software that delivers advanced storage, performance, capacity, and backup management for SQL Server, Oracle, IBM DB2, and Sybase databases. The latest release includes DBArtisan Space Analyst, Performance Analyst, and Capacity Analyst, which provide diagnostics, correction mechanisms, and historical analysis and forecasting features to improve database efficiency and productivity. Key among the additions in this release is Backup Analyst for Microsoft SQL Server, a backup-and-recovery engine that provides storage compression, reduces backup and recovery times, and provides powerful encryption security options for SQL Server DBAs who need an enterprise solution. Backup Analyst includes a new management UI and a command-line interface that lets DBAs use Backup Analyst functionality in any SQL script. For pricing and other information, contact Embarcadero Technologies at 415-834-3131 extension 3 or firstname.lastname@example.org.
DTM Soft announced DTM Migration Kit, software that provides wizard-like interfaces to automate simple data import, export, and migration operations. DTM Migration Kit imports data from popular database and desktop formats (Microsoft Access, Microsoft Excel, DBF files, Paradox, and plain text) and exports data to plain text, HTML, XML, and RTF formats. The product also supports exporting binary large objects (BLOBs). DTM Migration Kit can create sets of SQL statements and offers some DBMS-specific features for SQL Server, Oracle, Sysbase, and Interbase/Firebird. The product is distributed over the Internet and costs $125. You can download a free demonstration version at http://list.windowsitpro.com/cgi-bin3/DM/y/ehrI0McMHC0Kj40BMGP0Ab . For more information, contact DTM Soft at email@example.com.
Apress announced "Pro SQL Server Reporting Services" by Rodney Landrum and Walter J. Voytek II, a book that looks at each step in the process of designing, creating, and delivering reports by using SQL Server 2000 Reporting Services. The book includes a detailed overview of the reporting architecture and tools; the new Report Definition Language (RDL) standard, which is XML based and lets you define reports in Visual Studio .NET; how to build effective queries for high-performance reporting; how to use Reporting Services to build custom .NET applications; how to render reports to HTML, XML, PDF, and Microsoft Excel formats; how to deploy secure reports by using Windows authentication through Active Directory; and how to create business intelligence (BI) reports by using SQL Server Analysis Services. The 320-page book costs $39.99. For more information, contact Apress at 510-549-5930 or firstname.lastname@example.org.
SQL Server Magazine UPDATE is brought to you by SQL Server Magazine, the only magazine devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
Manage Your Account You are subscribed as #EmailAddr#. To unsubscribe from this email newsletter, click here /#Mailing:UnsubEmail
To make other changes to your email account such as changing your email address, updating your profile, and subscribing or unsubscribing to any of our email newsletters, simply log on to our Email Preference Center.
SQL Server Magazine is a division of Penton Media, Inc., 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All Rights Reserved.