The benefit of T-SQL 3 part naming

So yesterday I made the second ever major technical boo-boo of my career - I accidentally ran a dynamic "DROP TABLE" script on an extremely large, high-availability system. The last time I did something of this magnitude was literally when I first started out with T-SQL, and I ran a load of DROP / CREATE PROC statements on a similar sized system, right in the middle of rush hour; instantly breaking the 500 of so clients that were connected to it. Obviously this kind of thing is very embarrassing, not to mention the massive inconvenience caused throughout the departments using the system. Luckily the database is backed up hourly (thank you Mr DBA), and although I made the mistake 6 minutes before the next back up, the impact was relatively minimal due to the main user's being in a departmental meeting. I'm blogging to outline my mistake and document changes to my T-SQL script, which up until 13:34 yesterday, made my life considerably easier and I thought was the dog's plums.

So yeah... as previously mentioned, I write my table creation scripts by hand and run them against a database - it makes database development, set up and deployment a cinch, though I've always had issues around the amount of time it takes me to write the DROP TABLE statements, due to constraint, trigger and key restrictions. Take the following example:

CREATE TABLE UserStatus (
    UserStatusID                INT                NOT NULL    IDENTITY    PRIMARY KEY,
    [Description]                VARCHAR(30)        NOT NULL    UNIQUE
)

CREATE TABLE Users (
    UserID                        INT                NOT NULL    IDENTITY    PRIMARY KEY,
    UserStatusID                INT                NOT NULL    FOREIGN KEY REFERENCES UserStatus(UserStatusID),
    UserName                    VARCHAR(30)        NOT NULL    UNIQUE
)

The FOREIGN KEY reference on the UserStatusID column on the Users table means that you cannot run a DROP TABLE command on the UserStatus table before the Users table is dropped. You have to run the statements in the following order:

IF OBJECT_ID('Users', 'U') IS NOT NULL
    DROP TABLE Users
IF OBJECT_ID('UserStatus', 'U') IS NOT NULL
    DROP TABLE UserStatus

While running two DROP TABLE statements in a pre-defined order is not a major concern, maintaining a list of a few hundred tables, all with their own constraints, is a nightmare. Enter the Script of Doom; it basically loops through all of the tables in the current database, disables and drops all constraints, then drops all the tables:

-- Delete all tables
DECLARE @CONSTRAINT_CATALOG NVARCHAR(2000), @TABLE_SCHEMA NVARCHAR(2000)
DECLARE @TABLE_NAME NVARCHAR(2000), @CONSTRAINT_NAME NVARCHAR(2000)
DECLARE @table NVARCHAR(MAX), @command NVARCHAR(MAX)

DECLARE constraints CURSOR READ_ONLY FAST_FORWARD FOR
SELECT DISTINCT c.TABLE_SCHEMA, c.TABLE_NAME, c.CONSTRAINT_NAME
FROM sysobjects s
INNER JOIN INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE c ON s.[name] = c.CONSTRAINT_NAME
WHERE s.xtype IN('F', 'C')

OPEN constraints

FETCH NEXT FROM constraints INTO @TABLE_SCHEMA, @TABLE_NAME, @CONSTRAINT_NAME

WHILE @@FETCH_STATUS = 0
    BEGIN
        SET @table = @TABLE_SCHEMA + '.' + @TABLE_NAME

        SET @command = N'ALTER TABLE ' + @table + ' NOCHECK CONSTRAINT ' + @CONSTRAINT_NAME
        EXECUTE sp_executesql @statement = @command
        PRINT @command
        
        SET @command = N'ALTER TABLE ' + @table + ' DROP CONSTRAINT ' + @CONSTRAINT_NAME
        EXECUTE sp_executesql @statement = @command
        PRINT @command
        
        FETCH NEXT FROM constraints INTO @TABLE_SCHEMA, @TABLE_NAME, @CONSTRAINT_NAME
    END
CLOSE constraints
DEALLOCATE constraints

-- Drop tables, now constraints are deleted
SET @command = 'DROP TABLE ?'
EXEC sp_MSforeachtable @command1 = @command, @command2= 'PRINT ''? dropped'''

As exciting as this script is, this was the one that was responsible for causing my issues yesterday. You can run this script on any MSSQL database, and it will indiscriminately drop all table constraints, followed by every table in the database - stopping the SQL Query Engine from reporting constraint errors during a DROP TABLE. Excellent when dealing with my above issues; not so excellent when you accidentally execute it against a live database, used by God's secretary to log how many paedophiles are accidentally let in to Heaven. Suffice to say, I have learned my lesson.

Whilst discrimination is usually a bad thing, in this instance it is more than welcome. There are a few simple ways to avoid the monumental catastrophe that I caused yesterday - the first being the simple addition of a "USE" statement at the top of the file, with more elaborate attempts surrounding creating transactions, wrapping in TRY...CATCH statements and using RAISERROR to halt script execution. Here's my new, overly safe version of the same script:


BEGIN TRY

    DECLARE @DBName VARCHAR(100), @command NVARCHAR(MAX)
    -- HARD CODE TO DB
    USE [MyDatabase]
    SET @DBName = '[MyDatabase]'

    BEGIN TRANSACTION DelTables

        -- Delete all tables
        DECLARE @CONSTRAINT_CATALOG NVARCHAR(2000), @TABLE_SCHEMA NVARCHAR(2000)
        DECLARE @TABLE_NAME NVARCHAR(2000), @CONSTRAINT_NAME NVARCHAR(2000)
        DECLARE @table NVARCHAR(MAX)

        DECLARE constraints CURSOR READ_ONLY FAST_FORWARD FOR
        SELECT DISTINCT c.TABLE_SCHEMA, c.TABLE_NAME, c.CONSTRAINT_NAME
        FROM sysobjects s
        INNER JOIN INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE c ON s.[name] = c.CONSTRAINT_NAME
        WHERE s.xtype IN('F', 'C')

        OPEN constraints

        FETCH NEXT FROM constraints INTO @TABLE_SCHEMA, @TABLE_NAME, @CONSTRAINT_NAME

        WHILE @@FETCH_STATUS = 0
            BEGIN
                SET @table = @DBName + '.' + @TABLE_SCHEMA + '.' + @TABLE_NAME

                SET @command = N'ALTER TABLE ' + @table + ' NOCHECK CONSTRAINT ' + @CONSTRAINT_NAME
                EXECUTE sp_executesql @statement = @command
                PRINT @command
                
                SET @command = N'ALTER TABLE ' + @table + ' DROP CONSTRAINT ' + @CONSTRAINT_NAME
                EXECUTE sp_executesql @statement = @command
                PRINT @command
                
                FETCH NEXT FROM constraints INTO @TABLE_SCHEMA, @TABLE_NAME, @CONSTRAINT_NAME
            END
        CLOSE constraints
        DEALLOCATE constraints
        
        -- Drop tables, now constraints are deleted
        SET @command = 'DROP TABLE ' + @DBName + '.?'
        EXEC sp_MSforeachtable @command1 = @command, @command2= 'PRINT ''? dropped'''

    COMMIT TRANSACTION DelTables
END TRY
BEGIN CATCH

    ROLLBACK TRANSACTION DelTables

    SET @command = 'Error Occurred, rollback committed' + CHAR(13) + CHAR(10) + CHAR(13) + CHAR(10) + ERROR_MESSAGE()
    RAISERROR(@command, 20, 1)

END CATCH

What we have here is an almost foolproof version of my dynamic DROP TABLE script. The USE [MyDatabase] statement is now present, with a parameter added at the top of the file to hold the database name, which is used to qualify all object references within the scripts. This should be enough, to be honest - the additional error handling (the TRY...CATCH and the transaction management statements) are superfluous to requirements; you cannot undo a DROP TABLE script using transactions, and all the TRY...CATCH will do is report errors in a managed way.

Now, if you drag this script in to a server that does not have a database called "MyDatabase" and run it, you'll get the following error:

Msg 911, Level 16, State 1, Line 14
Database 'MyDatabase' does not exist. Make sure that the name is entered correctly.
And script execution immediately halts, which is almost ideal. Now, the only mistake you could make is by running the script on an incorrect instance of the database; i.e. LIVE instead of TEST. This is always a risk, and one which cannot be avoided (unless the database names are suffixed with the instance, which creates it's own deployment issues), but it certainly stops you from running this script against a completely unrelated database, destroying entire infrastructures in the process :(

Luckily (to those who care), I jumped on it and rectified the mistake as quickly as I could, rather than brush it under the carpet and deny all knowledge (as I have seen many people do before). I held my hand up and admitted responsibility; something a lot of developers tend to shirk if they can get away with it. My issue only occurred because I left a connection to the high-availability database open in SSMS after helping out a colleague, then got distracted with some other work, and an hour later I dragged the script on to what I thought was my local SQL instance. One press of F5 later and boom, my whole world crumbled around me for the next few hours...

Popular posts from this blog

TDD and Unit Testing with Moq

In my last post, I mentioned that I've been using TDD and mocking quite a bit this year, and I've fallen in love. It's something I'm very keen on continuing with, as I've now seen that the benefits outweigh the extra time needed to develop your tests. I've written my fair share of stand alone unit and integration tests throughout the years, but until recently I've not used object mocking or stubbing. I've never really appreciated what tests are, and what benefits they give me as a developer, other than they let me write a quick bit of throw-away code that enables me to test the functionality of a class or a method. Only now - 16 years in to my career - do I realise how critical unit tests are to an application, especially in enterprise level systems that have a lot of code reuse and crossover. Not only do well written tests test the functionality of your code base, they also allow you to modify anything with complete confidence that your changes aren...
Read more

Handling uploads with MVC4, JQuery, Plupload and CKEditor

I spent a considerable amount of time trying to get MVC to work nicely with various file uploaders while I was writing  RustyShark , and I have to admit it's been pretty frustrating at times. On the plus side, it's taught me a lot about how Microsoft MVC works behind the scenes, and allowed me to play with quite a few different uploading tools that're out there. My upload page on RustyShark has quite a complex model - each review is related to multiple Formats (PS3, 360, DVD, Blu Ray etc), each review / format combination can have multiple images associated with it, and each image has additional meta data attached, such as a caption and an upload date. The upload form is created using a combination of Editor Templates, JQuery and AJAX. I will be stripping down any examples to their bare bones to make things a little clearer. This article assumes you are familiar with MVC fundamentals such as creating controllers, views and models within Visual Studio 2010 or later, you ...
Read more

Generating a self-signed SSL certificate for my QNAP NAS

I recently bought a new NAS (Network Attached Storage) to deal with some of my remote work requirements. Initially I was going to build a server to do the job from spare parts, but I was concerned about power consumption and of course the amount of time it would take to build, configure and administrate. In the end, I had a little look at a few reviews and I decided on the QNAP 219P+. I can honestly say without a doubt that it's one of the best pieces of kit I've bought for a while. It's very feature rich, (almost) everything seems to work perfectly, the interface is well organised and easy to use, and maybe the most important part - it's fast . I'm having a few issues getting the WebDAV service accepting connections, though I think it's Windows' fault, not the QNAP. It's a little on the pricey side for home users, but I didn't mind paying what I did considering how good it is. One of the things I wanted to do was secure my remote communication w...
Read more