Product learning

Posts by

Phil Factor

Phil Factor (real name withheld to protect the guilty), aka Database Mole, has 30 years of experience with database-intensive applications.

Despite having once been shouted at by a furious Bill Gates at an exhibition in the early 1980s, he has remained resolutely anonymous throughout his career.

He is a regular contributor to Simple Talk and SQLServerCentral.

11 January 2019

11 January 2019

The risks of using EXECUTE (‘SQL Script’)

SQL Prompt’s code analysis rule, BP013, will alert you to use of Execute(string) to execute a batch in a string, often assembled dynamically from user input. This technique is dangerous because the parameter values are injected before the statement is parsed by SQL Server, allowing an attacker to "tag on" extra statements. Use sp_ExecuteSql... Read more

SQL code smells

Phil Factor

8 January 2019

Phil Factor

8 January 2019

The Whys and Wherefores of Untrusted or Disabled Constraints

Having untrusted or disabled FOREIGN KEY or CHECK constraints in your databases will degrade data consistency and integrity and can cause query performance problems. Phil Factor explains how to detect these and other table-related issues, during development, before they cause trouble further down the line. Read more

Phil Factor

22 December 2018

Phil Factor

22 December 2018

On Quickly Investigating a SQL Monitor Custom Security Alert

Phil Factor offers a clever way to report on a SQL Server intrusion, with a query that shows a full narrative description of all the security-related changes that have been detected by a set of SQL Monitor custom metrics. Read more

SQL Server security monitoring

Phil Factor

13 December 2018

Phil Factor

13 December 2018

Database Continuous Integration with SQL Clone and SQL Change Automation

Phil Factor provides the basis for a Database Continuous Integration process, using SQL Change Automation to build the latest database, and then SQL Clone to distribute it to the various team-based servers that need it. Having honed the process, you can run it every time someone commits a database change. Read more

Phil Factor

5 December 2018

Phil Factor

5 December 2018

Build and fill a database using JSON and SQL Change Automation

Phil Factor demonstrates how to export data from a database, as JSON files, validate it using JSON Schema, then build a fresh development copy of the database using SQL Change Automation, and import all the test data from the JSON files. Read more

Phil Factor

15 November 2018

Phil Factor

15 November 2018

SQL Prompt Code Analysis: A Hint is Used (PE004-7)

Phil Factor suggests a philosophy of "the SQL query optimizer knows best" when it comes to choosing the right execution plan. Use hints as a last resort, and evaluate them carefully whenever SQL Prompt warns you of their presence in your SQL code. Read more

6 November 2018

6 November 2018

Retrospective Database Source Control with SQL Compare

You've found a database that is not in source control. What do you do? Phil Factor shows how to use SQL Compare to generate all the missing object scripts, in Git, and then keep them up-to-date automatically, in response to any further database changes, during development. Read more

database version control

Phil Factor

29 October 2018

Phil Factor

29 October 2018

SQL Prompt Code Analysis: Table does not have clustered index (BP021)

If SQL Prompt alerts you to a table without a clustered index, investigate the reason for its absence carefully. It is rare indeed to find a table where data retrieval is faster without one. Read more

18 October 2018

18 October 2018

Monitoring Changes in Permissions, Users, Roles and Logins

Phil Factor uses the default trace and a SQL Monitor custom metric to alert you to unauthorized changes in security membership or permissions in any of your monitored databases. Read more

sql server monitoring

database intrusion detection

audit and compliance

Phil Factor

12 October 2018

Phil Factor

12 October 2018

SQL Prompt as a Layout Tool: A Survival Guide

Phil Factor's guide to taming SQL Prompt code layout options, and getting it to format code exactly the way you like it. Read more

Posts by Phil Factor

Posts by

Phil Factor