Easy step to install SQL Server 2000

Installing SQL Server 2000

loadTOCNode(2, ‘summary’);

To Install SQL Server 2000 Basic Local Installation

loadTOCNode(3, ‘summary’);

  1. Insert the Microsoft SQL Server 2000 compact disc in your CD-ROM drive (if the compact disc does not run automatically, double-click Autorun.exe in the root directory of the compact disc), select SQL Server 2000 Components, and then select Install Database Server. Setup prepares the SQL Server Installation Wizard. At the Welcome page, click Next.
  2. In the Computer Name dialog box, Local Computer is the default option, and the local computer name appears in the text box. Click Next.
  3. In the Installation Selection dialog box, click Create a new instance of SQL Server, or install Client Tools, and then click Next. Follow directions on the User Information, Software License Agreement and related pages. In the Installation Definition dialog box, click Server and Client Tools, and then click Next.
  4. In the Instance Name dialog box, if the Default check box is available, you can install either the default or a named instance. If the Default check box is not available, a default instance has already been installed, and you can install only a named instance.
    • To install the default instance, click to select the Default check box, and then click Next.
    • To install a named instance, click to clear the Default check box, type a new named instance in the Instance Name box, and then click Next.
  5. In the Setup Type dialog box, click Typical or Minimum, and then click Next.
  6. In the Service Accounts dialog box, accept the default settings, type your domain password, and then click Next. In the Authentication Mode dialog box, accept the default setting, and then click Next. When you finish specifying options, click Next in the Start Copying Files dialog box.
  7. In the Choose Licensing Mode dialog box, make selections according to your license agreement, and then click Continue to begin the installation. In the Setup Complete dialog box, click Yes, I want to restart my computer now, and then click Finish.

To Install Client Tools Only for SQL Server 2000

loadTOCNode(3, ‘summary’);

  1. Insert the Microsoft SQL Server 2000 compact disc in your CD-ROM drive (if the compact disc does not run automatically, double-click Autorun.exe in the root directory of the compact disc), select SQL Server 2000 Components, select Install Database Server, and then click Next at the Welcome page of the SQL Server Installation Wizard.
  2. In Computer Name dialog box, Local Computer is the default option, and the local computer name appears in the edit box. Click Next.
  3. In the Installation Selection dialog box, click Create a new instance of SQL Server, or install Client Tools, and then click Next.
  4. Follow the directions on the User Information, Software License Agreement, and related pages.
  5. In the Installation Definition dialog box, click Client tools only, and then click Next.
  6. In the Select Components dialog box, accept the defaults or select the components you want, and then click Next. You can select an item in the Components list, such as Management Tools, and then select items from the related Sub-Components list, such as Enterprise Manager. Click to select items that you want to install, and click to clear the check box for the items you do not want to install. For information about each component, select the item, and view the Description box.
  7. In the Start Copying Files dialog box, click Next to complete the installation of the client tools.

To Install Connectivity Only for SQL Server 2000

loadTOCNode(3, ‘summary’);

  1. Insert the Microsoft SQL Server 2000 compact disc into your CD-ROM drive (if the compact disc does not run automatically, double-click Autorun.exe in the root directory of the compact disc), and then select SQL Server 2000 Components.
  2. Select Install Database Server. Setup prepares the SQL Server Installation Wizard. At the Welcome page, click Next.
  3. In the Computer Name dialog box, Local Computer is the default option, and the local computer name appears in the text box. Click Next.
  4. In the Installation Selection dialog box, click Create a new instance of SQL Server, or install Client Tools, and then click Next.
  5. Follow the directions on the User Information, Software License Agreement and related pages.
  6. In the Installation Definition dialog box, click Connectivity Only, and then click Next.
  7. In the Start Copying Files dialog box, click Next to complete the installation.Microsoft SQL Server Books Online:”Basic Installation Options”For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
    257716 (http://support.microsoft.com/kb/257716/EN-US/ ) Frequently Asked Questions – SQL Server 2000 – Setup

SQL functions

SQL has many built-in functions for performing calculations on data.
SQL Aggregate Functions

SQL aggregate functions return a single value, calculated from values in a column.

Useful aggregate functions:

  • AVG() – Returns the average value
  • COUNT() – Returns the number of rows
  • FIRST() – Returns the first value
  • LAST() – Returns the last value
  • MAX() – Returns the largest value
  • MIN() – Returns the smallest value
  • SUM() – Returns the sum

SQL Scalar functions:
SQL scalar functions return a single value, based on the input value.

Useful scalar functions:

  • UCASE() – Converts a field to upper case
  • LCASE() – Converts a field to lower case
  • MID() – Extract characters from a text field
  • LEN() – Returns the length of a text field
  • ROUND() – Rounds a numeric field to the number of decimals specified
  • NOW() – Returns the current system date and time
  • FORMAT() – Formats how a field is to be displayed

Tip: The aggregate functions and the scalar functions will be explained in details in the next chapters.

SQL Injection

What is SQL injection?

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.

How Haker inject script?

Hacker will pass SQL value with the Data and it will execute, even parametrized data can be manipulated by a skilled and determined attacker.SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and execute.

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

var Shipcity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from
Table1 where ShipCity = '" + ShipCity + "'";

The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:

SELECT * FROM Table1 WHERE ShipCity = 'Redmond'

However, assume that the user enters the following:

Redmond'; drop table OrdersTable--

In this case, the following query is assembled by the script:

SELECT * FROM Table1 WHERE ShipCity = 'Redmond';drop table Table1 --'

When you are concatenating values of type sysname, you should use temporary variables large enough to hold the maximum 128 characters per value. If possible, call QUOTENAME() directly inside the dynamic Transact-SQL. Otherwise, you can calculate the required buffer size as explained in the previous section.

Introduction to SQL

SQL is a standard language for accessing and manipulating databases.

What is SQL?

  • SQL stands for Structured Query Language
  • SQL lets you access and manipulate databases
  • SQL is an ANSI (American National Standards Institute) standard

What Can SQL do?

  • SQL can execute queries against a database
  • SQL can retrieve data from a database
  • SQL can insert records in a database
  • SQL can update records in a database
  • SQL can delete records from a database
  • SQL can create new databases
  • SQL can create new tables in a database
  • SQL can create stored procedures in a database
  • SQL can create views in a database
  • SQL can set permissions on tables, procedures, and views

SQL is a Standard – BUT….
Although SQL is an ANSI (American National Standards Institute) standard, there are many different versions of the SQL language.

However, to be compliant with the ANSI standard, they all support at least the major commands (such as SELECT, UPDATE, DELETE, INSERT, WHERE) in a similar manner.

Note: Most of the SQL database programs also have their own proprietary extensions in addition to the SQL standard!

Using SQL in Your Web Site

To build a web site that shows some data from a database, you will need the following:

  • An RDBMS database program (i.e. MS Access, SQL Server, MySQL)
  • A server-side scripting language, like PHP or ASP
  • SQL
  • HTML / CSS

RDBMS

RDBMS stands for Relational Database Management System.

RDBMS is the basis for SQL, and for all modern database systems like MS SQL Server, IBM DB2, Oracle, MySQL, and Microsoft Access.

The data in RDBMS is stored in database objects called tables.
A table is a collections of related data entries and it consists of columns and rows.