Monday, February 20, 2012

Need to use "USE" in a stored Proc

I have a stored Procedure that I always use to restore databases.It
accepts the backup file name,name of the database to be restored as
amongst other parameters. It works pretty good and helps me speed up
the process. However after the database is restored, I need to connect
to that database and compile another stored procedure on that database
and then execute that stored procedure to drop all the users from that
database. I then execute another stored procedure to add the new users
and apply appropriate security.
What I want to do now is to see if there is a way to combine all those
steps all into one stored procedure that will restore the database and
then drop all the users from that database and then add the new users.
When I first attempted it I ran into the issue where I could not use
the "USE " statement in the stored proc, so I ended up writing two
different procs one for dropping users and one for adding new users
that I compile and execute after the database has been restored.
I am sure other people have run into this situation too where within a
stored proc, it is necessary to switch database and perform other tasks
in a different database. I am just looking to get some input to see how
you overcame or handled that issue.
Any help inthis regard will be greatly appreciated.
ThanksYou will need to build dynamic sql script, builiding a string with the
first word 'use dbname', and then execute the string.
Terry
shub wrote:
> I have a stored Procedure that I always use to restore databases.It
> accepts the backup file name,name of the database to be restored as
> amongst other parameters. It works pretty good and helps me speed up
> the process. However after the database is restored, I need to connect
> to that database and compile another stored procedure on that database
> and then execute that stored procedure to drop all the users from that
> database. I then execute another stored procedure to add the new users
> and apply appropriate security.
> What I want to do now is to see if there is a way to combine all those
> steps all into one stored procedure that will restore the database and
> then drop all the users from that database and then add the new users.
> When I first attempted it I ran into the issue where I could not use
> the "USE " statement in the stored proc, so I ended up writing two
> different procs one for dropping users and one for adding new users
> that I compile and execute after the database has been restored.
> I am sure other people have run into this situation too where within a
> stored proc, it is necessary to switch database and perform other tasks
> in a different database. I am just looking to get some input to see how
> you overcame or handled that issue.
> Any help inthis regard will be greatly appreciated.
> Thanks|||Consider 3-part naming like database.owner.tablename format rather than USE
statement.
Anith|||On Fri, 15 Dec 2006 09:26:54 -0600, "Anith Sen"
<anith@.bizdatasolutions.com> wrote:

>Consider 3-part naming like database.owner.tablename format rather than USE
>statement.
Since the database name changes, that would require dynamic SQL.
Roy|||On 15 Dec 2006 07:09:00 -0800, "Terry" <tduffy@.calamos.com> wrote:

>You will need to build dynamic sql script, builiding a string with the
>first word 'use dbname', and then execute the string.
It is worth noting that the change that the USE makes does not persist
past the end of the dynamic SQL script. All the processing that has
to occur in the new database would have to be part of the dynamic SQL
string.
Roy|||Hi
Why do you need to drop all the users? If you have orphaned users use
sp_change_users_login
John
"shub" wrote:

> I have a stored Procedure that I always use to restore databases.It
> accepts the backup file name,name of the database to be restored as
> amongst other parameters. It works pretty good and helps me speed up
> the process. However after the database is restored, I need to connect
> to that database and compile another stored procedure on that database
> and then execute that stored procedure to drop all the users from that
> database. I then execute another stored procedure to add the new users
> and apply appropriate security.
> What I want to do now is to see if there is a way to combine all those
> steps all into one stored procedure that will restore the database and
> then drop all the users from that database and then add the new users.
> When I first attempted it I ran into the issue where I could not use
> the "USE " statement in the stored proc, so I ended up writing two
> different procs one for dropping users and one for adding new users
> that I compile and execute after the database has been restored.
> I am sure other people have run into this situation too where within a
> stored proc, it is necessary to switch database and perform other tasks
> in a different database. I am just looking to get some input to see how
> you overcame or handled that issue.
> Any help inthis regard will be greatly appreciated.
> Thanks
>|||>> Since the database name changes, that would require dynamic SQL.
That should be fine, if written properly, right? Since it is a
administrative task, it has little to do with injection risks or
recompilation issues.
Otherwise, he can consider a few alternatives:
1. Create individual RESTORE statements within the proc & use IF clause to
control the execution flow
2. Create separate stored procedures in each database & call it from the
main proc with the database as the parameter.
EXEC @.r = @.db.dbo.restore_proc ;
Anith|||Anith,
I am not sure I understand what are you suggesting. You are right in
assuming that this is a administrative task and there is no concern or
SQL injection however I do not uderstand the solution.
Currently the Restore Stored proc is complied in the master database
and after the individual database is restored I am then compilibg the
other stored proc to drop all the users.
You may be into something, but I just need to understand to apply it
Thanks
Anith Sen wrote:
> That should be fine, if written properly, right? Since it is a
> administrative task, it has little to do with injection risks or
> recompilation issues.
> Otherwise, he can consider a few alternatives:
> 1. Create individual RESTORE statements within the proc & use IF clause to
> control the execution flow
> 2. Create separate stored procedures in each database & call it from the
> main proc with the database as the parameter.
> EXEC @.r = @.db.dbo.restore_proc ;
> --
> Anith|||Hi
I believe Anith is saying that as this is being used in a controlled manner,
there is no need to worry about SQL Injection as there is no input from a
non-trusted user being executed.
If your database contains it own procedure to drop/create the users then you
can just run that, although anyone else with enough rights can run this
procedure as well.
Why do you need to drop/re-create the users?
John
"shub" wrote:

> Anith,
> I am not sure I understand what are you suggesting. You are right in
> assuming that this is a administrative task and there is no concern or
> SQL injection however I do not uderstand the solution.
> Currently the Restore Stored proc is complied in the master database
> and after the individual database is restored I am then compilibg the
> other stored proc to drop all the users.
> You may be into something, but I just need to understand to apply it
> Thanks
> Anith Sen wrote:
>|||No the databases do not contain the stored proc to drop or create
users, I complie the stored proc after I restore the database and I
was wondering if there was some way from my stored proc to restore the
database if I could do all of that in one step. I think from the input
I have got, it sounds like I pretty much have to build a large dynamic
SQL string or do the way I am doing. (Two Step Process)
I need to drop the databases because every once in a while we will pull
in databases from different networks so when it is restored on ours
those users no longer exist so to keep it clean I prefer to delete the
users.
John Bell wrote:[vbcol=seagreen]
> Hi
> I believe Anith is saying that as this is being used in a controlled manne
r,
> there is no need to worry about SQL Injection as there is no input from a
> non-trusted user being executed.
> If your database contains it own procedure to drop/create the users then y
ou
> can just run that, although anyone else with enough rights can run this
> procedure as well.
> Why do you need to drop/re-create the users?
> John
> "shub" wrote:
>

No comments:

Post a Comment