fredmintah — 2005-01-26T05:23:24-05:00 — #1
Can someone explain to me the meaning of xp_cmdshell stored procedure? Why when is it executed. I tried looking at it using sp_helptext and I found out that is was a dll file with the name xplog70.dll. I will like to know the use of this file and when is it appropriate to execute it.
danfran — 2005-01-26T11:24:58-05:00 — #2
master..xp_cmdshell is an imaginary DOS prompt for SQL Server.
If you can log onto a SQL Server with administrative permission, try this:
exec master..xp_cmdshell 'dir c:\'
It's also one way that servers get compromised by hackers. If someone gets administrative access to a SQL Server (assuming it's configured for "integrated security", meaning, SQL Server gives its own uid/pwds), they can have full control of your machine as if they were an administrator at the dos prompt.
It's used most when you want to run an app from within a stored proc. Sometimes, it's a good way to send email from a stored proc because you can bypass all the SQL Server Agent / MS Exchange hassle by simply calling a VBScript..
fredmintah — 2005-01-27T03:49:30-05:00 — #3
Thank you very much. I am much grateful for the time used to answer this question. How do you send the email with this command ?
Thanks once again.
danfran — 2005-01-27T09:55:30-05:00 — #4
You have to write a VBScript using the CDONTS library (or equivalent).
What OS are you using? Is this for a hosted server or in-house?
Finally, use the stored proc to call
cscript.exe path_to_vbscript_that_sends_email arg1 arg2 arg3
(there are spaces following the path to pass input params, like the email address and name of the person)
If you [or it] can't find cscript, just search your hard drive and use the full path..
To capture the args in VBScript, there should be a collection named WScript.Args, also searchable.
It's not going to be an easy task if you have to learn VBScript from scratch! (but you have all you need to know, theoretically)