Display SELECT query or table as HTML

https://bertwagner.com/2018/07/03/code-youd-hate-to-live-without-t-sql-tuesday-104-invitation/
This post is part of #tsql2sday event :)
For my current job I support a lot of SQL Servers, they come in all the flavors and sizes (old, new, patched, unpatched, big, small, dedicated, shared, built by our team, built by others... etc). In the ocean of different possible configurations, having a centralized monitoring solution is sometimes not possible for the 100% of the servers, because of different reasons (unsupported features for older versions, located in a different domain or datacenter, some weird security restrictions).

Even when we have already in place a custom inventory and monitoring solution (BTW done using C#, asp.net, SQL Server and Powershell), a couple of rogue servers, needs their own special treat, most of the cases this has to do with some kind of monitoring.

So, for these serves, the solution is to implement local jobs to monitor different kinds of stuff and send via email the monitoring and usage results.
We could perfectly send the info in plain text, but reading this in an email, especially when your boss is included in the distribution list is just awful, so we had to format the data first to make it look better...

That's why I created sp_TabletoHTML, a Stored Procedure to convert any table or SELECT query to an HTML table, so you just have to paste the output in your email body.

Before this stored procedure, we had to do the HTML conversion based on each table columns, and after 3 or 4 times of adapting the same code, I was tired and ended up doing this stored procedure.

How it works?


  • Create the stored procedure and remember where you left it (can be the master database, it really doesn't matter as long as you can access it properly).
  • Then you pass in @stTable (yes, Unicode varchar in case you have weird characters in your object names) the name of the table or view containing the data using the schema.name convention or you can also pass a SELECT query sentence, giving you the ability of formatting or cleaning up your data before converting it to HTML.
  • You can specify if want to include column names or not (included by default) or the predefined style you want or no style at all (or leave the parameters at their defaults)
  • Execute the stored procedure and use the output string as your HTML <table> result.
  • Enjoy!

Sample execution:

SET @SQLSentence = 'SELECT 
name,
state_desc,
create_date,
collation_name 
FROM sys.databases'

EXEC sp_TabletoHTML @stTable = @SQLSentence,
 @TableStyle = 3,
 @RawTableStyle = @st OUTPUT

And you will obtain a beautiful looking HTML table like this one:

Formats can vary...

What is the logic involved?


Just tweaking a little bit the FOR XML functionality, and a lot of column reformatting.
This is the core of the formatting, all the columns with the same name of TD that will translate into <td></td> and the rows that will translate into elements named <tr></tr>:


SELECT [COL1] as TD, [COL2] as TD...
FROM ##rowstablePreHTML 
FOR XML RAW('TR'), ELEMENTS


Since some of the queries are build dynamically, I use sp_executesql, that could be a security risk for untrusted sources.

For internal use, we did not check for malicious code, because... I trust my own code, but before releasing it into Github I added a very basic malicious code check (just check for keywords that has nothing to do with table results) and raise an error for any occurrence encountered. As a recommendation, always validate your queries first.

Null values are not converted to an empty string (because of the unique way XML handle their nulls).  Before using it, remove null values from your data.

Some special datatypes like geography, timestamp, XML, image are not supported, if you try to use them, an error will raise, remove these columns before using it.

Where is the code?

Fortunately for you, it is free!

I offer this stored procedure as open source in GitHub, you can check it here.
The link is also in the Free Tools section on this blog.

The full documentation is also available on the Github page, so you can check the parameter usage and some other examples there!

Also, if any of you can improve this SP, please do it, you are more than welcome!

Comments

  1. AnonymousSeptember 18, 2018 at 2:09 AM

    >> security risk for untrusted sources

    Can't you just replace code like

    SET @SelectStatement = 'SELECT tbl1.* into ##rowstablePreHTML FROM (' + @stTable+') tbl1'

    with a "safe" tablename e.g. @stTable_SAFE

    SET @stTable_SAFE = REPLACE(QuoteName(@stTable), '''', '''''')

    instead of checking for possible SQL Injection keywords (which is unlikely to ever be future-safe ...)

    Similarly I suggest that

    SELECT '[' + COLUMN_NAME + ']' AS 'TH'
    FROM tempdb.INFORMATION_SCHEMA.COLUMNS

    should use QuoteName instead of adding Square Bracket, and replace any embedded single-quote with double-single-quote

    SELECT REPLACE(QuoteName(COLUMN_NAME), '''', '''''') AS 'TH'

    ReplyDelete
    Replies
    1. EduardoSeptember 18, 2018 at 10:11 AM

      thanks for your recommendations! with other point of view i can make my code better, I will try to implement your recommendations.

      Delete

Post a Comment

Popular posts from this blog

Install Python on Windows

Image
Python is the most famous development language today. This is because is open-source, scalable and robust. It can run in almost any device with a processor (or microprocessor, we will see that in coming posts) and is very simple to use and learn, even if you don't have any programming backgroud or experience. Start using it is very simple and you can learn the basics in the official site .   Installing Python For windows systems, you can download the latest version here . Once downloaded, open the executable file as administrator. Then, for the uses we will give on the articles on this site, please install it this way: Make sure you have selected the add Pyton to PATH option - This will allow us to run the Python engine from multiple sources (As is intended for use on multiple applications) .   Make sure you install Python for all users - This will allow usto run the script commands .   Select PIP feature - This is used to install adittional libraries and functionalities, one of
Read more

Checking Azure SQL DB service tier via T-SQL

Image
If you have to manage or work with an Azure SQL database and want to know what service tier the database is currently operating, but you don't have access to the Azure subscription or CLI. Or you want to know the status of the service tier after a scale up or scale down, directly from the database; you can do it via T-SQL Just query the sys.database_service_objectives DMO to obtain this information, this will give information about the service tier, and also will tell you if the database is part of an elastic pool or not. Basic usage (in the context of the database you need the information): SELECT * FROM sys.database_service_objectives; This will return the following information for the current database: I am running on a General Purpose tier with 1 VCore What if you want the information for all the databases created? Just change the context to the master database and execute the following query: SELECT D.name AS DB , D.create_date , SO.edition , SO.service_o
Read more

Quick tip: Zoom in Azure Data Studio

Image
If you finally have given a try t o Azure Data Studio , and if you use it on a regular basis, maybe you want to customize it to suit your needs. Among the huge customization options it has, you can control the text size in form of zoom. To do change it, just use the following keyboard combinations: (Ctrl + = ) For Zoom in. (Ctrl + - ) For Zoom out. (Ctrl + 0) For Zoom reset.  You can see it in action: Also, as with everything on this tool, you can access this functionality from command palette (Ctrl + Shift + P) , and type "zoom" (you can fine-control the editor zoom from here): If you haven't tried it yet, you can download Azure Data Studio here .
Read more