http://blogs.msdn.com/anthonybloesch/archive/tags/T-SQL/default.aspxTags: T-SQLen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/anthonybloesch/archive/2009/01/14/SQL-programming-errors.aspxThu, 15 Jan 2009 00:25:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:9319597AnthonyBloesch1http://blogs.msdn.com/anthonybloesch/comments/9319597.aspxhttp://blogs.msdn.com/anthonybloesch/commentrss.aspx?PostID=9319597<P style="MARGIN: 0in 0in 10pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>The paper “</FONT><A href="http://cwe.mitre.org/top25" mce_href="http://cwe.mitre.org/top25"><FONT size=3>Top 25 Most Dangerous Programming Errors</FONT></A><FONT size=3>” (</FONT><A href="http://cwe.mitre.org/top25" mce_href="http://cwe.mitre.org/top25"><FONT size=3>http://cwe.mitre.org/top25</FONT></A><FONT size=3>) is an interesting study of the families of programming errors that lead to security issues. The paper is based on input from a wide variety of security experts and is worth reading. The complete list of errors is at </FONT><A href="http://cwe.mitre.org/data/lists/699.html" mce_href="http://cwe.mitre.org/data/lists/699.html"><FONT size=3>http://cwe.mitre.org/data/lists/699.html</FONT></A><FONT size=3>.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>From a T-SQL perspective, however, it seems off mark but the same group has a database of all the common weaknesses. Here is a list of Common SQL specific errors I was able to extract:<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1" class=MsoListParagraphCxSpFirst><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Access Control Bypass Through User-Controlled SQL Primary Key (</FONT><A href="http://cwe.mitre.org/data/definitions/566.html" mce_href="http://cwe.mitre.org/data/definitions/566.html"><FONT size=3>http://cwe.mitre.org/data/definitions/566.html</FONT></A><FONT size=3>).<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Individual Definition in a New Window Dangling Database Cursor (aka 'Cursor Injection') (</FONT><A href="http://cwe.mitre.org/data/definitions/619.html" mce_href="http://cwe.mitre.org/data/definitions/619.html"><FONT size=3>http://cwe.mitre.org/data/definitions/619.html</FONT></A><FONT size=3>).<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Failure to Preserve SQL Query Structure (aka 'SQL Injection') (</FONT><A href="http://cwe.mitre.org/data/definitions/89.html" mce_href="http://cwe.mitre.org/data/definitions/89.html"><FONT size=3>http://cwe.mitre.org/data/definitions/89.html</FONT></A><FONT size=3>).<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection') (</FONT><A href="http://cwe.mitre.org/data/definitions/652.html" mce_href="http://cwe.mitre.org/data/definitions/652.html"><FONT size=3>http://cwe.mitre.org/data/definitions/652.html</FONT></A><FONT size=3>).<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>SQL Injection: Hibernate (</FONT><A href="http://cwe.mitre.org/data/definitions/564.html" mce_href="http://cwe.mitre.org/data/definitions/564.html"><FONT size=3>http://cwe.mitre.org/data/definitions/564.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 10pt 0.5in" class=MsoListParagraphCxSpLast><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><o:p><FONT size=3>&nbsp;</FONT></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>There are many errors that apply to SQL and other languages. Here is a list that I thought was most relevant to SQL development:<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpFirst><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Algorithmic Complexity (</FONT><A href="http://cwe.mitre.org/data/definitions/407.html" mce_href="http://cwe.mitre.org/data/definitions/407.html"><FONT size=3>http://cwe.mitre.org/data/definitions/407.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Authentication Bypass by Alternate Name (</FONT><A href="http://cwe.mitre.org/data/definitions/289.html" mce_href="http://cwe.mitre.org/data/definitions/289.html"><FONT size=3>http://cwe.mitre.org/data/definitions/289.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Client-Side Enforcement of Server-Side Security (</FONT><A href="http://cwe.mitre.org/data/definitions/602.html" mce_href="http://cwe.mitre.org/data/definitions/602.html"><FONT size=3>http://cwe.mitre.org/data/definitions/602.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Discrepancy Information Leaks (</FONT><A href="http://cwe.mitre.org/data/definitions/203.html" mce_href="http://cwe.mitre.org/data/definitions/203.html"><FONT size=3>http://cwe.mitre.org/data/definitions/203.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Error Handling (</FONT><A href="http://cwe.mitre.org/data/definitions/388.html" mce_href="http://cwe.mitre.org/data/definitions/388.html"><FONT size=3>http://cwe.mitre.org/data/definitions/388.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Error Message Information Leak (</FONT><A href="http://cwe.mitre.org/data/definitions/209.html" mce_href="http://cwe.mitre.org/data/definitions/209.html"><FONT size=3>http://cwe.mitre.org/data/definitions/209.html</FONT></A><FONT size=3>).<o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Failure to Encrypt Sensitive Data (</FONT><A href="http://cwe.mitre.org/data/definitions/311.html" mce_href="http://cwe.mitre.org/data/definitions/311.html"><FONT size=3>http://cwe.mitre.org/data/definitions/311.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Failure to Handle Missing Value (</FONT><A href="http://cwe.mitre.org/data/definitions/230.html" mce_href="http://cwe.mitre.org/data/definitions/230.html"><FONT size=3>http://cwe.mitre.org/data/definitions/230.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Improper Access Control (Authorization) (</FONT><A href="http://cwe.mitre.org/data/definitions/285.html" mce_href="http://cwe.mitre.org/data/definitions/285.html"><FONT size=3>http://cwe.mitre.org/data/definitions/285.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Incorrect Ownership Assignment (</FONT><A href="http://cwe.mitre.org/data/definitions/708.html" mce_href="http://cwe.mitre.org/data/definitions/708.html"><FONT size=3>http://cwe.mitre.org/data/definitions/708.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Incorrect Privilege Assignment (</FONT><A href="http://cwe.mitre.org/data/definitions/266.html" mce_href="http://cwe.mitre.org/data/definitions/266.html"><FONT size=3>http://cwe.mitre.org/data/definitions/266.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Leftover Debug Code (</FONT><A href="http://cwe.mitre.org/data/definitions/489.html" mce_href="http://cwe.mitre.org/data/definitions/489.html"><FONT size=3>http://cwe.mitre.org/data/definitions/489.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Not Using Password Aging (</FONT><A href="http://cwe.mitre.org/data/definitions/262.html" mce_href="http://cwe.mitre.org/data/definitions/262.html"><FONT size=3>http://cwe.mitre.org/data/definitions/262.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Privacy Leak through Data Queries (</FONT><A href="http://cwe.mitre.org/data/definitions/202.html" mce_href="http://cwe.mitre.org/data/definitions/202.html"><FONT size=3>http://cwe.mitre.org/data/definitions/202.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpMiddle><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Unchecked Input for Loop Condition (</FONT><A href="http://cwe.mitre.org/data/definitions/606.html" mce_href="http://cwe.mitre.org/data/definitions/606.html"><FONT size=3>http://cwe.mitre.org/data/definitions/606.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P> <P style="TEXT-INDENT: -0.25in; MARGIN: 0in 0in 10pt 0.5in; mso-list: l0 level1 lfo2" class=MsoListParagraphCxSpLast><SPAN style="FONT-FAMILY: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol"><SPAN style="mso-list: Ignore"><FONT size=3>·</FONT><SPAN style="FONT: 7pt 'Times New Roman'">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN><SPAN style="FONT-FAMILY: 'Candara','sans-serif'"><FONT size=3>Use of Obsolete Functions (</FONT><A href="http://cwe.mitre.org/data/definitions/477.html" mce_href="http://cwe.mitre.org/data/definitions/477.html"><FONT size=3>http://cwe.mitre.org/data/definitions/477.html</FONT></A><FONT size=3>). <o:p></o:p></FONT></SPAN></P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9319597" width="1" height="1">T-SQLSecuritybugsSQLhttp://blogs.msdn.com/anthonybloesch/archive/2005/09/20/TSQL-casing-feedback.aspxTue, 20 Sep 2005 19:08:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:471812AnthonyBloesch1http://blogs.msdn.com/anthonybloesch/comments/471812.aspxhttp://blogs.msdn.com/anthonybloesch/commentrss.aspx?PostID=471812<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Thanks everyone for the great blog and email comments on how we should deal with T-SQL casing conventions.<?xml:namespace prefix = o /><o:p></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt"><o:p>&nbsp;</o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">There was a lot of interesting feedback on casing conventions for T-SQL. In summary, the main feedback was<o:p></o:p></SPAN></P> <UL style="MARGIN-TOP: 0in" type=disc> <LI style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo1; tab-stops: list .5in" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Default capitalization should follow the documentation<o:p></o:p></SPAN> <LI style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo1; tab-stops: list .5in" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Capitalization has value for all the non-Visual Studio tools people use<o:p></o:p></SPAN> <LI style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo1; tab-stops: list .5in" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Intellisense should automatically capitalize according to user preferences<o:p></o:p></SPAN> <LI style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo1; tab-stops: list .5in" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Intellisense and color-coding should work for T-SQL embedded in, say, Visual Basic source code<o:p></o:p></SPAN> <LI style="MARGIN: 0in 0in 0pt; mso-list: l0 level1 lfo1; tab-stops: list .5in" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">Many are moving to a .Net code style of naming but other conventions are in common use.<o:p></o:p></SPAN></LI></UL> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt"><o:p>&nbsp;</o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt">If you are interested in the operational side of database development MSDN has a great series of talks by Kimberly Tripp at <A href="http://www.microsoft.com/events/series/msdnsqlserver2005.mspx" mce_href="http://www.microsoft.com/events/series/msdnsqlserver2005.mspx">http://www.microsoft.com/events/series/msdnsqlserver2005.mspx</A>. <o:p></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-SIZE: 11pt; mso-bidi-font-size: 12.0pt"><o:p>&nbsp;</o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt; mso-bidi-font-size: 12.0pt">This posting is provided "AS IS" with no warranties, and confers no rights.</SPAN><SPAN style="FONT-SIZE: 11pt; mso-bidi-font-size: 12.0pt"><o:p></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Georgia; FONT-SIZE: 11pt"><o:p>&nbsp;</o:p></SPAN></P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=471812" width="1" height="1">T-SQLSQ Serverstyle