An Application I am using is passing schema name as a string literal and it is getting single quoted and generating MySQL Syntax error:
'somedatabasename'
I want to trim the single quotes and use the schema name to form my query.
SELECT field FROM somedatabasename.sometable
I can only use a single Query and cannot use Stored Procedure (I know using stored functions I can manipulate the strings.)
Is there a way in MySQL where I can Use TRIM or REPLACE with the FROM keyword.
Related
I have to write a stored procedure where I want to set values for a variable called colorId using IN operator, the parameter can be a list of integer ids or no ids. I am wondering what should be the type of variable in the stored procedure?
where color_id IN (1,2,3,4);
Thanks for the help!
If you send a string like '1,2,3,4' as a single parameter, the query will run as if you had done this:
where color_id IN ('1,2,3,4');
The way MySQL does implicit type casts to integer, this converts the value to an integer using only the leading digits, and ignores everything after the first comma. So it will really run as if you had done this:
where color_id IN (1);
There is no way to "remove" the quotes. The point of query parameters is that they are not combined with the query until after the SQL parsing is done. Therefore the parameter is fixed as a single string value in that expression. You can't convert a parameter into a list of discrete values, because that would change the syntax of the query.
So you must pass multiple parameters, one for each value in your list. Like this:
...where color_id IN (?, ?, ?, ?);
And use some function in your client application to split the string into multiple parameters and then pass them not as a single string value, but as multiple integer values.
Some people try to use tricks like using MySQL's FIND_IN_SET() function, but I don't recommend this, because it cannot be optimized with any index.
You tagged this question stored-procedures from which I infer that you are trying to write a procedures that accepts a string of comma-separated integers and use it in an IN() predicate. This is more inconvenient to do in a stored procedure than in any other programming language, because MySQL's stored procedure language doesn't support arrays or good functions for splitting strings or counting elements. It can be done with enough effort, but the code is awful and you will quickly wish you were using any other language.
Your can pass parameter value like this - '1,2,3,4' and FIND_IN_SET function will be able to search in the provided string:
SELECT *
FROM colors
WHERE FIND_IN_SET(color_id, param); # param --> '1,2,3,4'
I use https://github.com/mysqljs/mysql.git library.
I have a mysql db query architecture in which I can not modify the SQL query file one by one to escape each argument for there are too many files, but all the SQL queries will call the query method of a same base mysql instance, so I wonder if I can escape the eventual SQL string in the base mysql query method.
I want to escape the whole SQL string like
select * from tableA where name = 'foo'bar
to
select * from tableA where name = 'foo\'bar'
with some function like mysql_escape("select * from tableA where name = 'foo'bar'") instead of doing this using preparing queries or concating escaped strings.
There isn't a way to do this that wont result in a really inefficient function or some bad hack. Just use parameterized queries, Its basically what they are there for. If you cant use those you use concat strings.
Running mysql_escape on a whole query will require the function to know what characters are part of your query and what characters are part of the input values. You could write some kind of stupid regex to try pull the values from the query and then escape them but its just a bad idea.
Is there a MySQL built-in function that surrounds indentifiers (simple or qualified) with backticks? I.e. such function f would work like:
f('my') would return `my`,
f('my.table') would return `my`.`table`, and
f(`my`) would return `my`
Usually this is a function of your database driver and not your database. The backticks are used by the MySQL statement parser to properly tokenize your statement, so a function that returns values like that would be meaningless since those would be strings and not table or column tokens.
Your database driver may have a function for escaping table names, and if so, use that. Otherwise you'll need to roll your own somehow.
concat('`',replace(your_identifier,'`','``'),'`')
I am trying to pass a parameter to a query, rather than write copious text I have narrowed it down to this simple explanation.
The frament I am trying to insert into is
where pkw_0.keyword in (:kwd)
I have used a String[] to construct a string of the form vals="'AVal','BVal'" which I pass to the query using setParameter("kwd",vals); The query returns zero results. However if I construct the query by hand and use the mysql console the query returns 1 result which is expected.
So I am assuming that either a single string is incorrect for the parameter or there is some conditioning of the values that I need to do prior to passing them via the setParameter call.
Each parameter can only represent a single literal value. You will need to create multiple placeholders in your prepared statement (one for each value) and then provide each value to MySQL as a separate parameter.
select
file,
REPLACE(FILE, '[:alnum:]'+'.'+,'') AS Collection
FROM
CollectionData;
select
file,
REPLACE(FILENAME, '^[a-zA-Z0-9\.]','') AS Collection
FROM collectiondata;
I would like to replace all the non alpha numeric characters from the string including .file extensions from the string as given below.
AXS00003600.txt to AXS
NXS4DG00003600.txt to NXS4DG
I am not able to replace the non alpha numeric data when I execute the above query. What could be the problem?
Unfortunately, MySQL contains no REGEXP_REPLACE operation. The ordinary REPLACE you're trying to use doesn't work with regular expressions. You'll need to do this in client code or maybe in a stored procedure.