Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > sql server > answers

How can I find out who is running dangerous queries

  #1  
Old July 20th, 2005, 02:11 AM
Miles
Guest
  
Posts: n/a
I recently discovered that some one (or application) updated all the
rows in the database. Looks like a query was missing a where clause.
It was probably one of the applications, but reviews of the code show
that a where clauses is always used, or so it appears. Anyway, I set
up a trigger to capture every update to a particular table that
recorded who did what and when. I created the trigger (on insert and
update) on a table and in it I use the new fn_get_sql function that
comes with SQL Server 2000 SP3. It looks like this:

--------------------------------
CREATE TRIGGER Update_Last_Modified ON [dbo].[MYTABLENAME]
FOR UPDATE, INSERT
AS
BEGIN
SET NOCOUNT ON
DBCC TRACEON (2861)

DECLARE @Qry nvarchar(4000)


DECLARE @handle binary(20)

SELECT @handle = sql_handle
FROM master..sysprocesses
WHERE spid = @@SPID

SET @QRY = (SELECT CONVERT(nvarchar(4000), [text]) FROM
::fn_get_sql(@handle))

UPDATE MYTABLENAME
SET DATE_LAST_MODIFIED = GETDATE(),
LAST_COMMAND = @QRY,
LAST_USER = SYSTEM_USER
FROM inserted
WHERE MYTABLENAME.UID= Inserted.UID
END

----------------------------------

It was previously coded to use DBCC INPUTBUFFER, and it worked fine,
but I was limited to the first 255 characters of the command, which
prevented me from seeing the critical parts, like the where clause!
When I modified the trigger to use fn_get_sql, all I ever see is the
entire text of the create trigger command. Maybe I should use an
entirely different approach. I'm open to ideas.

Thanks very much in advance for your help!

Miles


_________________
  #2  
Old July 20th, 2005, 02:11 AM
Erland Sommarskog
Guest
  
Posts: n/a

re: How can I find out who is running dangerous queries

Miles (milesfeinberg@hotmail.com) writes:[color=blue]
> It was previously coded to use DBCC INPUTBUFFER, and it worked fine,
> but I was limited to the first 255 characters of the command, which
> prevented me from seeing the critical parts, like the where clause!
> When I modified the trigger to use fn_get_sql, all I ever see is the
> entire text of the create trigger command. Maybe I should use an
> entirely different approach. I'm open to ideas.[/color]

Yes, the idea with fn_get_sql is to get the currently executing statement
of a procedure. And for a process that introspects itself, the current
statement will be the statement it queries sysprocesses. So in your
case DBCC INPUTBUFFER is a better bet.

--
Erland Sommarskog, SQL Server MVP, sommar@algonet.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Closed Thread

« previous question | next question »

Similar Threads
Thread Thread Starter Forum Replies Last Post
C# is getting Edit and Continue in Visual Studio 2005 Richard Blewett [DevelopMentor] answers 27 November 16th, 2005 01:37 PM
comp.lang.c Answers to Frequently Asked Questions (FAQ List) Steve Summit answers 0 November 13th, 2005 09:56 PM
comp.lang.c Answers to Frequently Asked Questions (FAQ List) Steve Summit answers 0 November 13th, 2005 03:15 AM
How can I find out who is running dangerous queries Miles answers 0 July 20th, 2005 02:11 AM

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 225,662 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved