What is SQL-Injection?

Warning: Toxic SQL

Warning: Toxic SQL!

I wasn’t especially surprised to read not long ago that Russian hackers had succeeded in stealing an estimated 1.2 billion login/password credentials for online websites. It seems to have become accepted that internet security is hopelessly more porous than originally envisioned, and that more large-scale breaches involving well known companies exist than are publicized. What piqued my curiosity, however, was a press report that the chief technique used for this record-shattering theft was SQL Injection: a technique which I had supposed to be long ago defeated.     Continue…

GGPLOT Graphics for NFL Stats

GGPLOT2 is a package developed for producing graphics within the R statistical tool. It utilizes a layering metaphor for gradually adding visual details to the desired output. R can support datasets with millions of rows for various aggregation and analysis operations, but it can be slow, unwieldy to code in, and has memory limitations.

Exploring Analytic Functions : an Iterative Approach

Lake Malawi

Lake Malawi

Suppose some quixotic HR evangelist fresh off a stint of social aid work in Malawi is pushing the bombastically non-Libertarian idea of normalizing compensation patterns within departments as follows: employees who have high tenure seniority contrasted with low salary ‘seniority’ will receive pay adjustments. This is the sort of question that can be explored with Oracle’s analytic SQL functions.     Continue…

De-duplicating Rows

Often the need arises to locate and remove duplicated rows, or partially duplicated rows from a table. Queries using the DISTINCT keyword (or it’s synonym UNIQUE) will retrieve and display rows without duplicates. But actually identifying and then removing the unwanted duplicates within a table represents a different level of work, and is also likely … Continue reading

Unpivoting Spreadsheets into Oracle

phingeThe premise is as follows: You’ve got useful data lying in an Excel or Google spreadsheet which you’d like translated into relational table(s). This is likely going to involve normalizing the denormalized spreadsheet data on the way into the database; you are going to end up with (and want) more rows in your table than the corresponding quantity within the spreadsheet. The SQL tool for this is the UNPIVOT keyword.     Continue…

Set Operators in SQL


E.F. ‘Ted’ Codd

Relational database design has strong roots within Set Theory, as can be seen in the seminal work of E.F. Codd more than 40 years ago. Most people recall encountering Venn diagrams during their school days, a pictorial excursion into this realm. Codd codified his relational ideals into a series of well-known rules, which represent an extreme case, not taking account of the often necessary pragmatic or performance reasons for selective denormalization. But his principles are still instructive and serve as a starting point for designing business schemas.     Continue…

More About PIVOT Queries

complex pivot query with both multiple aggregates and multiple pivots

complex pivot query with both multiple aggregate functions and multiple pivot columns

An earlier post introduced the PIVOT feature in Oracle’s 11g2 SQL, and described the motivation for pivoting. This one explores a few more complex ways to use pivot queries. We’ll look at:

         • Multiple Pivot Columns
         • Multiple Aggregate Functions

within the same SQL statement and we’ll see a few errors which commonly arise when building more complex pivot queries like these. Finally, we’ll consider: why would one have a need to UNPIVOT?     Continue…

Twisted Strings : Enforcing Password Strength

password TVgameIn this post, I aim to depict some practical utilizations of assorted Oracle string functions as an antidote to bland, often pointless examples given in SQL documentation. Security and reliable user authentication is ever in the news these days, and many studies confirm that most users continue to choose facile and predictable userids and/or passwords. This article summarizes recent user habits and hacker trends regarding passwords with some basic recommendations, while these two illustrate some of the most common (thus insecure) passwords.     Continue…

Pivot Queries : Then & Now

Back around the era of Oracle 6 or 7, I had an intuition that a certain type of query could be written within the limits of SQL*Plus syntax, but wasn’t quite clear as to how. I was doing some ad-hoc DBA work for a development database once a week or so, and wished to get a handle on who was doing what how frequently in terms of object creation. I envisioned a tabular matrix tallying kinds of objects by user with the aim of watching the changes over time. After doing some legwork exploring the sys.obj$ table and hitting upon using DECODE to trap specific object/user pairs into desired columns, I came up with this:     Continue…

Layering in R for Oracle Data

The GGPLOT2 package for R, developed by Hadley Wickham, is preferred by many for it’s greater flexibility and range of graphing options. Here’s a tutorial explaining it’s capabilities and here’s the online documentation for the package.


Get every new post delivered to your Inbox.