SQL Server 中 EXPLAIN 形式 SQLite 的等效项是什么?
我使用 SQLite 数据库并在执行实际查询之前运行 EXPLAIN 语句,以验证是否尝试在数据库上写入。
现在,我们已经迁移到 SQL Server,我需要知道查询是尝试写入数据库还是只是一个简单的 SELECT 语句。我基本上尽量避免任何恶意言论。
I used an SQLite database and run an EXPLAIN statement before executing the actual query to verify if there was any attempt to write on the database.
Now, we have migrated to SQL Server and I need to know if a query tries to write on the database or is just a simple SELECT statement. I basically try to avoid any malicious statement.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以通过单击估计查询计划按钮来查看 SSMS 中任何查询的估计查询计划。
请参阅 MSDN。
但是,如果用户不应该写入数据库,则不应具有这样做的权限。确保它属于具有受限权限的角色。
You can see the estimated query plan of any query in SSMS by clicking the estimated query plan button.
See MSDN.
However, if the user shouldn't be writing to the database, is shouldn't have the permissions to do so. Ensure it belongs to a role that has restricted permissions.
如果您决定采用此方法,则可以执行以下操作:
这将返回 3 个结果集,其中包含单个 XML 列。第二个结果集是实际查询的查询计划(在本例中,
select * from sysobjects)但正如我的评论中所述,您最好阻止用户有权进行任何操作变化。
还可以制作“仅”选择但也非常恶意的语句。我可以轻松地编写一个专门锁定数据库中每个表的选择,并且需要一个小时才能运行。
If you do decide to go this route, you could do the following:
This will return 3 result sets containing a single column of XML. The 2nd result set is the query plan for the actual query (in this case,
select * from sysobjects)But as noted in my comment, you'd be better off preventing the user having permissions to make any changes.
It's also possible to craft statements that are "only" selects but that are also pretty malicious. I could easily write a select that exclusively locks every table in the database and takes an hour to run.