Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unsafe string aggregation in sp_DatabaseRestore (code done, testing needed) #2106

Open
renegm opened this issue Sep 2, 2019 · 4 comments
Open

Comments

@renegm
Copy link

@renegm renegm commented Sep 2, 2019

sp_DatabaseRestore
Unsafe string aggregation.

1.Variable accumulation: SELECT @sql = @sql + N'KILL ' + CAST(spid as nvarchar(5)) + N';' + NCHAR(13) etc This works almost everytime except, well, when it doesn't. Result is unpredictable.
(Also kill connections or Set single user its not enough.) Quote
https://docs.microsoft.com/en-us/sql/relational-databases/databases/set-a-database-to-single-user-mode?view=sql-server-2017

Prerequisites
Before you set the database to SINGLE_USER, verify that the AUTO_UPDATE_STATISTICS_ASYNC option is set to OFF.

It is necessary to prevent that auto update steals SINGLE_USER.

  1. Using XML
    SELECT CHAR(10) + ',DISK=''' + @BackupPathFull + BackupFile + '''' FROM #SplitBackups ORDER BY BackupFile FOR XML PATH('')),1,2,'')
    This is better. But XML is tricky:
    SELECT STUFF((SELECT ',AT&T' FOR XML PATH ('')),1,1,'')
    result is AT&T
    You need
    SELECT STUFF(CAST((SELECT ',AT&T' FOR XML PATH ('')) AS xml).value('.','nvarchar(max)'),1,1,'')
    If you are absolutely sure that there is no html entity, you can avoid jumping through these hoops. But not in this case where a path is referenced
@BrentOzar

This comment has been minimized.

Copy link
Member

@BrentOzar BrentOzar commented Sep 2, 2019

@renegm

This comment has been minimized.

Copy link
Author

@renegm renegm commented Sep 2, 2019

That was fast.
I'll do it.

renegm added a commit to renegm/SQL-Server-First-Responder-Kit that referenced this issue Sep 2, 2019
String aggregation
@sm8680

This comment has been minimized.

Copy link
Contributor

@sm8680 sm8680 commented Sep 3, 2019

Pertaining to the Kill statement in this sproc. I wasn't sure why the kill statements are needed in this sproc or I'm just clueless and losing my mind.

In my past for restores. If a database already exists I’ve always found it best to take the database offline and restore over the existing database. I almost never use single user mode or kill spids. For their not fail proof IMO.
ALTER DATABASE [YourDatabaseName] SET OFFLINE WITH ROLLBACK IMMEDIATE

Then restore your database or Drop your database

@renegm

This comment has been minimized.

Copy link
Author

@renegm renegm commented Sep 3, 2019

I think the user must be able to do whatever he want. So activity param must address don’t restore, single user or offline. And other param to restore db settings maybe?

@BrentOzar BrentOzar changed the title Unsafe string aggregation on Unsafe string aggregation in sp_DatabaseRestore (code done, testing needed) Sep 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.