SQL interview Questions

 SQL interview Questions

• Precedence order for data types
• How to name DB Objects – Best Practices
• Self join in SQL
• Delete duplicate records from a table
• Sql Constraint
• SQL index
• Common Table Expression (CTE)
• What is a Cursor
• Triggers in SQL Server
• Stored Procedures IN SQL
• User Defined Functions IN SQL
• Difference between Stored Procedures and User DefinedFunctions
• Types of SQL Server Functions 
• SQL Server data types
•  Backup/Copy a table in SQL using query 
• SQL Injection
• Checkpoint in SQL Server
• Table Alias Vs Column Alias in sql server

• Types of Locks in SQL Server

• What is the difference between UNION and UNION ALL?
• What are the Advantages of Using Stored Procedures?
• What is Sub-Queries in SQL Server?
• What is Connection Pooling in SQL SERVER?

Table Alias Vs Column Alias in sql server

Table Alias Vs Column Alias in sql server

Sql Server offers an option to give temporary alias name for the Table and it’s Column Names in the query. In that way we can give a meaning full alias to the Tables. And if two tables are joined both have the same column name, then we have to write two part column names i.e. [Table Name].[Column Name] otherwise Sql server gives an ambiguous column name error. If table name is too long it looks to awkward, so better give a alias name to the table and use this alias name in the Two part column name order to avoid ambiguity.

Table Alias Name. In this Query for Emp_Details Table the alias name specified is Emp in the FROM clause. Because of this we can access the table column names by prefixing Emp. 

SELECT Emp.Name, Emp.Phone FROM dbo.Emp_Details Emp

Column Name Alias. In this Query for Emp_Details Table the alias name specified is Emp in the FROM clause. Because of this we can access the table column names by prefixing Emp.  And for the Name column we are specifying the alias name as ‘Emp Name’ and for Phone column the alias name is ‘Phone Number

SELECT Emp.Name AS 'Emp Name', E.Phone AS [Phone Number] FROM dbo.Employee AS Emp

Checkpoint in SQL Server

Checkpoint in SQL Server

Checkpoint is an internal process that writes modified pages from Buffer Cache to Physical disk, apart from this it also writes the log records from log buffer to physical file. Writing of such pages from buffer cache to data file is also known as Hardening of modified pages. It is a dedicated process and runs automatically by SQL Server at specific intervals. SQL Server runs checkpoint process for each Database individually.

Checkpoint helps to reduce the recovery time for SQL Server in the event of unexpected shutdown or system crash and system Failure.

In SQL Server there are four types of Checkpoints:

Automatic: The most common checkpoint which runs as a process in the background to make sure SQL Server Database can be recovered in the time limit defined by the Recovery Interval – Server Configuration Option.

Indirect: newly added to SQL Server 2012 runs in the background but to meet a user-specified target recovery time for the specific Database where the option has been configured. Once the Target_Recovery_Time for a given database has been selected this will override the Recovery Interval specified for the server and avoid Automatic Checkpoint on such DB.

Manual: runs like any other T-SQL statement, once you issue checkpoint command also run to its completion. Manual Checkpoint runs for your current Database Only. You can also specify the Checkpoint_Duration which is optional, this duration specifies the time in which you want your checkpoint to complete.

Internal: As a user you can’t control Internal Checkpoint. Issued on specific operations such as:

1. Shutdown initiates a Checkpoint operation on all databases except when Shutdown is not clean (Shutdown with nowait)

2. If the recovery model gets changed from Full\Bulk-logged to Simple.

3. While taking Backup of the Database.

4. If your DB is in Simple Recovery model, checkpoint process executes automatically either when the log becomes 70% full, or based on Server option-Recovery Interval.

5. Alter Database command to add or remove a data\log file also initiates a checkpoint.

6. Checkpoint also takes place when the recovery model of the DB is Bulk-Logged and a minimally logged operation is performed.

7. DB Snapshot creation.

SQL Injection

SQL injection is a technique where hacker can inject SQL commands into an SQL statement, via web page.Injected SQL commands can compromise the security of a website.

SQL Injection Based on 0=0 is Always True

Let's say that the original purpose of the code was to create an SQL statement to select a user with a given Emp_id.

Emp_id: 112 or 0=0

SELECT * FROM Emp_Details WHERE Emp_id = 112 or 0=0

The SQL above is valid. It will return all rows from the table, as WHERE 0=0 is always true.

 

SQL Injection Based on ""="" is Always True

Here is a public construction, used to verify user login on a web page:

User Name:

Password:

The Final Statement will be

UserName = request.form("UserName");
Pass = request.form ("UserPass");

sql=" SELECT * FROM Emp_Details WHERE UserName ='" + UserName + "' AND PassWord ='" + Pass + "'"

Hackers might get access to user names and passwords in a database by simply inserting “or ""=" into the user name or password text box.

The code at the server will create a valid SQL statement like this:

SELECT * FROM Emp_Details WHERE UserName ="" or ""="" AND PassWord ="" or ""=""

The result SQL is valid. It will return all rows from the table Users,since  WHERE ""="" is always true.

SQL Injection Based on Batched SQL Statements 

Most databases support batched SQL statement, separated by semicolon.

e.g.

SELECT * FROM Emp_Details ; DROP TABLE EmpLoginDetails

The SQL above will return all rows in the Emp_Details table, and then delete EmpLoginDetails table.

If we had the following server code:

UserName = request.form("UserId");
txtSQL = " SELECT * FROM Emp_Details WHERE UserName = " + UserName;

And the following input:

User Name: 105; DROP TABLE EmpLoginDetails

The code at the server would create a valid SQL statement like this:

SELECT * FROM Emp_Details WHERE UserName = 105; DROP TABLE EmpLoginDetails

Parameters for Protection

The only way to protect a web page from SQL injection, is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner. The SQL engine checks each parameter to ensure that it is correct for its column and are treated literally, and not as part of the SQL to be executed.

UserName = request.form("UserId");
sql = " SELECT * FROM Emp_Details WHERE  UserName = @a";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@a", UserName);
command.ExecuteReader();

Backup/Copy a table in SQL using query

Backup/Copy a table in SQL using query

Copy all columns into the new table:

SELECT * INTO NewTableName FROM OldtableName;

e.g.

SELECT * INTO Emp_DetailsBkup FROM Emp_Details;

Copy selected columns to new table

SELECT Col1, Col2, Col3… INTO Emp_DetailsBkup FROM Emp_Details;

e.g.

SELECT Emp_Name, Emp_Id, Address… INTO Emp_DetailsBkup FROM Emp_Details;

Copy selected columns to new table with Where clause

SELECT * INTO NewTableName FROM OldtableName where clause;

e.g.

SELECT * INTO Emp_DetailsBkup FROM Emp_Details where id >10;