In my NodeJS app, I want the user to be able to pass in a filter into a mySQL (v8.0.20) query (using Knex):
const sql = 'SELECT * FROM xyz WHERE id = ? AND ?? ? ?';
The series of question marks at the end is where I want to add in the filter, e.g. id > 3. I know one question mark indicates a value and two indicates an attribute/table name. But neither work for <,>,=. How do I tell SQL that this is a built-in operator?
You can't use parameters to supply structural parts of an SQL query. Parameters are meant to be value placeholders.
If you scrutinize the user-supplied field names and operators properly, you can build the SQL query dynamically. Keep the ? for user-supplied values.
const allowedOperators = ['=', '>', '>=', '<', '<=', '!='];
const allowedFields = ['id', 'name', 'etc'];
if (
allowedOperators.indexOf(userSuppliedOperator) > -1 &&
allowedFields.indexOf(userSuppliedField.toLowerCase()) > -1
) {
var sql = `SELECT * FROM xyz WHERE id = ? AND {userSuppliedField} {userSuppliedOperator} ?`;
// use SQL string
} else {
throw new Error("Invalid search parameters");
}
Related
I'm still new to this laravel, for now I'm facing a trouble for fetching data from the database. What i want to get is when there are only one data available, the second parameters won't be executed, but if there are some data available on the second parameters, then all the data from first parameter and the second parameter will be called.
$detail = Barang_Keluar_Detail::findOrFail($id); //15
$cariid = $detail->pluck('barang_keluar_id');
$instansiquery = Barang_Keluar::where('id',$cariid)->first(); //21
$instansiid = $instansiquery->pluck('instansi_id');
$tanggal = $instansiquery->pluck('tanggal')->first();//2019-12-31
and the parameter are here
$cariinstasama = Barang_Keluar::where('id', $cariid)
->orWhere(function ($query) use($instansiid, $tanggal) {
$query->where('tanggal', "'$tanggal'")
->where('instansi_id', $instansiid);
});
Please any help will be appreciated, thank you.
Laravel query builder provides elegant way to put conditional clause using when() . You can put conditional clause on your query like this:
$cariinstasama = Barang_Keluar::where('id', $cariid)
->when($instansiid, function ($query, $instansiid) {
return $query->where('instansi_id', $instansiid);
})
->when($tanggal, function ($query, $tanggal) {
return $query->where('tanggal', $tanggal);
})->get();
For more info see https://laravel.com/docs/5.8/queries#conditional-clauses
You can try this as well.
$cariinstasama = Barang_Keluar::where('id', $cariid);
if($instansiid !== null)
{
$cariinstasama->where('instansi_id', $instansiid);
}
if($tanggal !== null)
{
$cariinstasama->where('instansi_id', $instansiid);
}
$result = $cariinstasama->get();
Its not clear what exactly you want.
Are you applying more than one parameter on the query if the first parameter result gives you more than one row in the database? If yes check out my approach :
$query = new Model(); // the model you want to query
if($query->where('col1', $param1)->count() > 1) // checks if the query from the 1st parameter produces more than one row in the database
$query = $query->where( // if yes apply more parameters to the query
[
['col1', $param1],
['col2', $param2]
]
);
else
$query = $query->where('col1', $param1);
$results = $query->get();
Hope it helps....
I build a function
public function getBannedByLogin($commentId)
{
$sql = $this->getDbAdapter()->select()
->from(array('comments' => 'comments'), array())
->join(array('users' => 'qengine_users'),
'comments.bannedBy = users.userId',
array())
->where('commentId = ?', $commentId)
;
$row = $this->fetchRow($sql);
return $row['login'];
}
And there are problems, that does'nt work! :D
Let's I explain you. Column 'bannedBy' from comments returns id of user, who give a ban. I need to join this with table users to load a login field. Where i have mistakes?
I assume the code works in the sense of not throwing an exception. If so, your code is OK, you just specifically tell Zend_Db not to select any columns.
public function getBannedByLogin($commentId)
{
$sql = $this->getDbAdapter()->select()
->from(array('comments' => 'comments'))
->join(array('users' => 'qengine_users'),
'comments.bannedBy = users.userId')
->where('commentId = ?', $commentId)
;
$row = $this->fetchRow($sql);
return $row['login'];
}
The last argument to from() and join() functions is an array of columns you wish to select. If you pass in an empty array, no columns are selected. No argument = select everything. You can, of course, specify only the columns you need too.
Hi I follow the OTRS developer manual for using sql queries inside the modules.
I run the following query but I only get first value from result.
my $SQL = "SELECT id FROM roles ";
$Self->{DBObject}->Prepare(SQL => $SQL, Limit => 15);
my #Row = $Self->{DBObject}->FetchrowArray();
if I check the size of #Row array I get one but in reality I have many roles created in roles table.
Can some one tell me whats missing ?
I can't add the code snippet in the comment to the other answer but here goes;
FetchrowArray() will return a list of columns for one row of the result, so you'd have to iterate over it like below; as pointed out. And if you want to add all results to an array, just use push.
$Self->{DBObject}->Prepare(
SQL => "SELECT id FROM table",
Limit => 10
);
my #IDs;
while ( my #Row = $Self->{DBObject}->FetchrowArray() ) {
push #IDs, $Row[0];
}
FetchrowArray() should be in a loop. This is an example from the OTRS doc:
$DBObject->Prepare(
SQL => "SELECT id, name FROM table",
Limit => 10
);
while (my #Row = $DBObject->FetchrowArray()) {
print "$Row[0]:$Row[1]\n";
}
I believe you should use SelectAll instead. SelectAll() return an array reference, not an array.
Mysql codeigniter query is not working properly.
Suppose if mysql table looks like this:
user_id|user_name
1|john
2|alex
3|sam
Here user_name is unique
The following query should return false if user_name=john and user_id=1 and true if say user_name=john and user_id=2.
$this->db->get_where('user', array('user_name' => $name,'user_id !=' => $userid));
But it returns true in the case user_name=john and user_id=1.
Can anyone suggest me an alternative way of querying not equal to.
print($this->db->last_query()) gives:
SELECT * FROM (user) WHERE user_name = 'john' AND user_id != '1'
Why dont you use simple $this->db->query('your query');
Simply try this, Add the desired condition in the where function.
$this -> db -> where('invitee_phone !=', $user_phone);
You can go follwoing way too. It work for me
$total = 5;
$CI = get_instance();
$CI->load->database();
$CI->db->order_by('id','asc');
$topusers = $CI->db->get_where('users',array('user_type != 1 && `status` =' => 1),$total,0);
echo $CI ->db ->last_query();
die;
and if still not work for you can go with #rohit suggest: $this->db->query('your query');
Type 1:
Using ->where("column_name !=",$columnname) is fine for one column.
But if you want to check multi columns, you have to form an array inside where clause.
Like this
$whereArray = array(
"employee_name" => $name,
"employee_id !=" => $id,
);
$this->db->select('*')->from('employee')->where($whereArray);
Type 2:
We can just write exactly what we want inside where.
Like
$thi->db->where(("employee_id =1 AND employee name != 'Gopi') OR designation_name='leader#gopis clan'");
Type 2 is good for working with combining queries, i mean paranthesis "()"
you can follow this code:
$query = $this->db->select('*')->from('employee')->where('user_name', $name)->where('user_id !=', $userid)->get();
$last_query = $this->db->last_query();
$result = $query->result_array();
if you pass $name = 'john' and $userid = '1' then it return empty array.
The problem with using $this->db->query('your query'); is that it is not portable. One of the most important reasons to embrace the query builder methods is so that no matter what database driver you use, CodeIgniter ensures that the syntax is appropriate.
If a bit of discussion was possible, I'd probably like to hear why you need composite primary identifiers in your table and I'd like to see what your table schema looks like. However, I think the time for discussion has long passed.
Effectively, you want to return a boolean result stating the availability of the combination of the username AND the id -- if one is matched, but not both, then true (available).
To achieve this, you will want to search the table for an exact matching row with both qualifying conditions, count the rows, convert that integer to a boolean, then return the opposite value (the syntax is simpler than the explanation).
Consider this clean, direct, and portable one-liner.
return !$this->db->where(['user_name' => $name,'user_id' => $userid])->count_all_results('user');
this will return false if the count is > 0 and true if the count is 0.
I'm looking to sort the results of a query in the controller, "after" it is returned from the model, here is what im trying:
$query = $this->user->get_all_users();
foreach($query as $user){
// dynamically according to my projects' logic
// assigns a grade to each user
$user->grade = assign_a_grade_to_user()
}
what im looking to do is , the results in $query should be sorted according to the grade a student has , and then pass that sorted $query to my view to print
any suggestions or idea to get this ?
NOTE : no issues if we use another temporary variables or data structures like we can store the sorted results in some other variable too
This should do:
function cmp( $a, $b )
{
if( $a->grade== $b->grade){ return 0 ; }
return ($a->grade< $b->grade) ? -1 : 1;
}
$sortedArray=usort($query ,'cmp');
So your code should look like:
$query = $this->user->get_all_users();
foreach($query as $user){
// assigns a grade to each user
$user->grade = assign_a_grade_to_user()
}
$sortedArray=usort($query ,'cmp');
$data['users']=$query;
$this->load->view('home',$data);