HI all,
Can someone explain to me the meaning of xp_cmdshell stored procedure? Why when is it executed. I tried looking at it using sp_helptext and I found out that is was a dll file with the name xplog70.dll. I will like to know the use of this file and when is it appropriate to execute it.
Thanks all.
Fred,
master…xp_cmdshell is an imaginary DOS prompt for SQL Server.
If you can log onto a SQL Server with administrative permission, try this:
exec master…xp_cmdshell ‘dir c:\’
It’s also one way that servers get compromised by hackers. If someone gets administrative access to a SQL Server (assuming it’s configured for “integrated security”, meaning, SQL Server gives its own uid/pwds), they can have full control of your machine as if they were an administrator at the dos prompt.
It’s used most when you want to run an app from within a stored proc. Sometimes, it’s a good way to send email from a stored proc because you can bypass all the SQL Server Agent / MS Exchange hassle by simply calling a VBScript…
Dan
Thank you very much. I am much grateful for the time used to answer this question. How do you send the email with this command ?
Thanks once again.
Frederick
You have to write a VBScript using the CDONTS library (or equivalent).
What OS are you using? Is this for a hosted server or in-house?
Finally, use the stored proc to call
cscript.exe path_to_vbscript_that_sends_email arg1 arg2 arg3
(there are spaces following the path to pass input params, like the email address and name of the person)
If you [or it] can’t find cscript, just search your hard drive and use the full path…
To capture the args in VBScript, there should be a collection named WScript.Args, also searchable.
It’s not going to be an easy task if you have to learn VBScript from scratch! (but you have all you need to know, theoretically)
Dan