SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Hybrid View

  1. #1
    SitePoint Zealot fredmintah's Avatar
    Join Date
    Jun 2004
    Location
    Ghana
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    What is xp_cmdshell

    HI all,
    Can someone explain to me the meaning of xp_cmdshell stored procedure? Why when is it executed. I tried looking at it using sp_helptext and I found out that is was a dll file with the name xplog70.dll. I will like to know the use of this file and when is it appropriate to execute it.
    Thanks all.

  2. #2
    SitePoint Addict danfran's Avatar
    Join Date
    Jan 2005
    Location
    New York City
    Posts
    244
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Fred,

    master..xp_cmdshell is an imaginary DOS prompt for SQL Server.

    If you can log onto a SQL Server with administrative permission, try this:
    exec master..xp_cmdshell 'dir c:\'

    It's also one way that servers get compromised by hackers. If someone gets administrative access to a SQL Server (assuming it's configured for "integrated security", meaning, SQL Server gives its own uid/pwds), they can have full control of your machine as if they were an administrator at the dos prompt.

    It's used most when you want to run an app from within a stored proc. Sometimes, it's a good way to send email from a stored proc because you can bypass all the SQL Server Agent / MS Exchange hassle by simply calling a VBScript..

    Dan

  3. #3
    SitePoint Zealot fredmintah's Avatar
    Join Date
    Jun 2004
    Location
    Ghana
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you very much. I am much grateful for the time used to answer this question. How do you send the email with this command ?
    Thanks once again.

    Frederick

  4. #4
    SitePoint Addict danfran's Avatar
    Join Date
    Jan 2005
    Location
    New York City
    Posts
    244
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to write a VBScript using the CDONTS library (or equivalent).

    What OS are you using? Is this for a hosted server or in-house?

    Finally, use the stored proc to call
    cscript.exe path_to_vbscript_that_sends_email arg1 arg2 arg3
    (there are spaces following the path to pass input params, like the email address and name of the person)
    If you [or it] can't find cscript, just search your hard drive and use the full path..

    To capture the args in VBScript, there should be a collection named WScript.Args, also searchable.

    It's not going to be an easy task if you have to learn VBScript from scratch! (but you have all you need to know, theoretically)


    Dan


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •