We Keep Coding

node-red, MySQL error

Get an error when writing to the database
The function for it:
var newMsg = { payload: msg.payload };
newMsg.topic="insert into MyTable (a,b,c,d,e,f,g) values (newMsg.payload)"
The incoming payload debug shows
payload: "B0:AC:A2:AC:07:F4","Ready","893901","860990","online","876","333"
The error I get from the database node (nore-red-node-mysql) is
"Error: ER_WRONG_VALUE_COUNT_ON_ROW: Column count doesn't match value
count at row 1"
The strange thing to me is that if I try a
newMsg.topic="insert into MyTable (a,b,c,d,e,f,g) values (\"B0:AC:A2:AC:07:F4\",\"Ready\",\"893901\",\"860990\",\"online\",\"876\",\"333\")"
it works perfectly...
Where is the trick?

There is no trick.
This is because the node-red-node-mysql and node-red-contrib-sqldbs nodes do not do any query substitution.
This means that what gets sent to the database is exactly what is in the msg.topic field. In this case that would have been:
insert into MyTable (a,b,c,d,e,f,g) values (newMsg.payload)
Which mysql will read as trying to pass a single value to a query expecting 7 values.
You will have to build the full query (and do your own variable escaping if needed) in a function node before passing the message to the database node.

at the end I solved it this way:
var data = msg.payload.split(",");
msg.payload = {};
msg.payload.a=data[0];
msg.payload.b=data[1];
msg.payload.c=data[2];
msg.payload.d=data[3];
msg.payload.e=data[4];
msg.payload.f=data[5];
msg.payload.g=data[6];
insert into MyTable (a,b,c,d,e,f,g) values ('" + data[0] + "','" + data[1] + "','" + data[2] + "','" + data[3] + "','" + data[4] + "','" + data[5] + "','" + data[6] + "')";
return msg;

Inserting an SQL query string into an SQL table

I want to insert an SQL query string into my database, but I always get an error because of the single quotes ''. I can't just double them '''', because then I can't execute the SQL query which is stored in the SQL database. Here is an example:
"INSERT INTO selections(selection_name, selection_sql, selection_besitzer, selection_sichtbarkeit, selection_standardSelektion)"
+ "VALUES ('"
+ "TestName"+"', '"
+ "Select * From customer where customer_adressnummer like '%1%';"+"', '"
+ "Select all from customer where X"+"', '"
+ "private"+"', '"
+ "0"+"')");
My question is: How can I insert this query into my SQL database without changing the String?
After I insert it I want to read it with my program and then execute the query based on the String in my database.
Here's the error message:
com.mysql.jdbc.MysqlDataTruncation: Data truncation: Truncated incorrect DOUBLE value: 'Select * From customer where customer_adressnummer like '
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3374)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3308)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1837)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1961)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2543)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1737)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2022)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1940)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1925)
at toolhouseserver.ExecutionThread.run(ExecutionThread.java:114)
at java.lang.Thread.run(Thread.java:745)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

Not surprisingly, the probability of encountering SQL injection issues is rather high when trying to use dynamic SQL to insert SQL strings into an SQL database. Save yourself the grief and just use a parameterized query, like this:
PreparedStatement ps = conn.prepareStatement(
"INSERT INTO selections (selection_name, selection_sql, selection_besitzer, selection_sichtbarkeit, selection_standardSelektion) " +
"VALUES (?,?,?,?,?)");
ps.setString(1, "TestName");
ps.setString(2, "Select * From customer where customer_adressnummer like '%1%';");
ps.setString(3, "Select all from customer where X");
ps.setString(4, "private");
ps.setString(5, "0");
ps.executeUpdate();

Very Strange error when trying to INSERT into a database with more than 1 entry

HOPEFULLY.....the title makes sense. But basically this is what is going on. I'm creating a form where a user will be able to View, Update, Insert and Delete records from tables within a database.
I'm using a combo box to display the table data:
Now If I try to Insert a new record, it works fine, until I try and more than one.
This is me placing just the personID record in. and it works fine:
But if i try and add a personID AND a firstName this happens:
as you can see, it ignores the personID entry, and just goes for the firstName.
I cant go further in my code without figuring out what is causing me to not be able to put in 2 things at once.
Here is my INSERT code:
string myInsertSQL;
myInsertSQL = "INSERT INTO person(";
myInsertSQL += "personID)";
myInsertSQL += " VALUES ('";
myInsertSQL += personID.Text + "')";
myInsertSQL = "INSERT INTO person(";
myInsertSQL += "firstName)";
myInsertSQL += " VALUES ('";
myInsertSQL += firstName.Text + "')";
MySqlConnection conn = new MySqlConnection(connstring);
MySqlCommand cmd = new MySqlCommand(myInsertSQL, conn);
With the above, it will only insert the firstName.
I have no idea why this would happen, and I would love some input. Thanks!

By doing this, the DB would insert the ID and the firstname on 2 distinct rows, if you didn't overwrite the first string (myInsertSQL = "INSERT INTO person(";). Here, it only performs the second query (i.e. inserting first name).
Try:
myInsertSQL = "INSERT INTO person(";
myInsertSQL += "personID, FirstName)";
myInsertSQL += " VALUES ('";
myInsertSQL += personID.Text + "', '"+ firstName.Text +"')";
Please note that this is wide open to SQL injections. Try to use prepared statements instead of directly injecting plain text into queries:
string myInsertSQL = "INSERT INTO person(personID, firstName) VALUES (#personID, #firstName)";
MySqlCommand cmd = new MySqlCommand(myInsertSQL, conn);
cmd.Parameters.AddWithValue("#personID", personID.Text);
cmd.Parameters.AddWithValue("#firstName", firstName.Text);
EDIT :
According to your comment, you try to insert more than those 2 values. This work the same.
The error says that you did specify a different number of values and fields. You speak of 6 values, but only list 5 (personID, firstName, address, phoneNumber, postCode). I suspect you forgot the lastName:
string myInsertSQL = "INSERT INTO person(personID, lastName, firstName, address, phoneNumber, postCode) ";
myInsertSQL += "VALUES (#personID, #lastName, #firstName, #address, #phoneNumber, #postCode)";
MySqlCommand cmd = new MySqlCommand(myInsertSQL, conn);
cmd.Parameters.AddWithValue("#personID", personID.Text);
cmd.Parameters.AddWithValue("#lastName", lastName.Text);
cmd.Parameters.AddWithValue("#firstName", firstName.Text);
cmd.Parameters.AddWithValue("#address", address.Text);
cmd.Parameters.AddWithValue("#phoneNumber", phoneNumber.Text);
cmd.Parameters.AddWithValue("#postCode", postCode.Text);
// and so on...

myInsertSQL = "INSERT INTO person(";
here you completely overwrite the myInsertSQL String, so whatever you put in there before is gone before you even send it to the database.

You are overwriting variable value
myInsertSQL += personID.Text + "')";
myInsertSQL = "INSERT INTO person(";

Different results in JDBC and MySQL for SQL select where datetime > date

I am trying to select a subset of entries from a table based on the DATETIME. In the command line, I enter
SELECT * FROM routes_table WHERE time > '2012-05-28 11:01:01' ORDER BY time
I get
mysql> SELECT * FROM routes_table WHERE time > '2012-05-28 11:01:01' ORDER BY time;
+-----------+--------------+------+---------------------+--------------+
| driver | type | num | time | destination |
+-----------+--------------+------+---------------------+--------------+
| Ma Lvjing | Bus | B127 | 2012-06-22 15:00:00 | Colina Hotel |
+-----------+--------------+------+---------------------+--------------+
1 row in set (0.00 sec)
However, when exactly the same query is executed through JDBC, I get all the results of the table, including the entries whose time is earlier than '2012-05-28 11:01:01'. Any idea why is this happening?
This is part of the JDBC code, in a JSP
String database = "routes";
String routes_table = "routes_table";
String column_time = "time";
<%
try {
Class.forName("com.mysql.jdbc.Driver"); //Load the MySQL driver
con = DriverManager.getConnection("jdbc:mysql://localhost/"
+ database, "root", "admin");
stmt = con.createStatement();
String currentDATETIME = new TimeToolbox().getCurrentDATETIME();
rs = stmt.executeQuery("SELECT * FROM " + routes_table + " WHERE "
+ column_time + " > '" + currentDATETIME + "'"
+ " ORDER BY " + column_time);
%>

You should use Prepared Statements with parameters and a Date variable to pass the value of the date, in this way you most likely resolve the problem and prevent SQL Injection ...
String query = "SELECT * FROM " + routes_table + " WHERE "
+ column_time + " > ?"
+ " ORDER BY " + column_time;
PreparedStatement prest = con.prepareStatement(query);
prest.setDate(1,new Date());

Insert with Hibernate native query does not work for java.util.Date

I am using Hibernate JPA and Spring with a Mysql database and I want to insert using a SQL statement like this:
Date saveDate = new Date();
java.sql.Timestamp timeStampDate = new Timestamp(saveDate.getTime());
Query persistableQuery = entityManager.createNativeQuery("INSERT INTO TASK_ASSESSMENT (ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, "
+ "TITLE, NEEDS_LEVEL_ID, PATIENT_ID, USER_ID) VALUES ("
+ true +", " + timeStampDate + ", " + description + ", " + title + ", "
+ needsLevelId + ", " + patientId + ", " + userId + " )");
persistableQuery.executeUpdate();
But after running it I get the following error:
WARN : org.hibernate.util.JDBCExceptionReporter - SQL Error: -11, SQLState: 37000
ERROR: org.hibernate.util.JDBCExceptionReporter - Unexpected token: 15 in statement
[INSERT INTO TASK_ASSESSMENT (ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, TITLE,
NEEDS_LEVEL_ID, PATIENT_ID, USER_ID)
VALUES (true, 2011-03-01 15?, any description, , 193, 1, 3 )]
Could someone help me on this please?
PS. I am aware of using hibernate in non-native way, but I need to use native way. I am also of insert ...from... , but I don't think it will help.
Finally I think the problem is mainly with the date. How do you guys pass on MySQL a datetime type using Java?
Update:
The following works fine, I guess it is a java date to mysql datetime conversion problem.
("INSERT INTO TASK_ASSESSMENT "
+ "(ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, TITLE, "
+ "NEEDS_LEVEL_ID, PATIENT_ID, USER_ID) "
+ "VALUES (true, 1999-12-22, '" + description + "', '"
+ title + "', " + needsLevelId+", " + patientId
+ ", " + userId + ")");
Could anyone please help me on how to convert java.util.Date to MySQL datetime?

Don't use concatenation to insert data into queries, use parameters instead. It solves problem with wrong representation of values, as well as many other problems:
entityManager.createNativeQuery(
"INSERT INTO TASK_ASSESSMENT (ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, "
+ "TITLE, NEEDS_LEVEL_ID, PATIENT_ID, USER_ID) VALUES (?, ?, ?, ?, ?, ?, ?)")
.setParameter(1, true)
.setParameter(2, saveDate, TemporalType.TIMESTAMP) // Since you want it to be a TIMESTAMP
.setParameter(3, description)
.setParameter(4, title)
.setParameter(5, needsLevelId)
.setParameter(6, patientId)
.setParameter(7, userId)
.executeUpdate();

Looks like a few issues. Some of your fields should have quotes around them. Also, possibly you need to format the timestamp in a different way, not sure how mysql expects it?
Query persistableQuery = entityManager.createNativeQuery(
"INSERT INTO TASK_ASSESSMENT
(ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, "
+ "TITLE, NEEDS_LEVEL_ID, PATIENT_ID, USER_ID) VALUES ("
+ true +", "
+ "'" + timeStampDate + "'"
+ ", "
+ "'" + description + "'"
+ ", "
+ "'" + title + "'"
+ ", "
+ "'" + needsLevelId + "')");
As far as formatting the date, I suspect you will need to look at the SimpleDateFormat class, which will let you get the date into whatever format mysql expects. See http://download.oracle.com/javase/1.4.2/docs/api/java/text/SimpleDateFormat.html

You can send parameter in method save, or what you use and use named SQL queries Query persistableQuery = entityManager.createNativeQuery("INSERT INTO TASK_ASSESSMENT (ACTIVE_FLAG, ASSESSMENT_DATE, DESCRIPTION, TITLE, NEEDS_LEVEL_ID, PATIENT_ID, USER_ID) VALUES (":active_flag",":timeStampDate", ":description", ":title", ":needsLevelId", ":patientId", ":userId" )").setParameter("active_flag", your_object.getactive_flag).setParametr and etc
persistableQuery.executeUpdate();
but somewhere create object with all this fields.

In hibernate 5.3 and above positional parameters are deprecated so we need to use keys for parameter. Hql does not support insert with parameter. We need to follow below approch
import org.hibernate.query.Query;
public void insertData() {
String sql = "insert into employee(id,name,age,salary) values(:0,:1,:2,:3)";
List<Object> paramList = new ArrayList<Object>();
paramList.add(1); // id
paramList.add("sumit"); // name
paramList.add("23"); // age
paramList.add(10000); // salary
Session session = null;
try {
session = getSessionfactory().openSession();
Query query= session.createNativeQuery(sql);
for(int i=0;i<paramList.size();i++) {
query.setParameter(""+i,paramList.get(i)); // remember to add "" before i , we need to maintain key value pair in setParameter()
}
query.executeUpdate();
}
catch(Exception e) {
System.out.println(e);
}
}