Is it possible to create a T-SQL function that returns either a varchar() or nvarchar() depending on some database or table characteristic?

I see similar questions for Javascript and other languages, but I work in T-SQL.
I have a function that removes non-alpha characters from a string and the output is varchar(). I would like a similar function to do the same but output in nvarchar() to prevent implicit conversions when I am dealing with nvarchar() data.
I know I could simply have two functions and call the appropriate one when needed, but for backwards compatibility, it would be nice to have a single function that could check the table being updated, or something along those lines, and output the appropriate varchar() or nvarchar() string. Then I could universally replace all occurrences of this function with the single 'one-size-fits-all' function.
Has anybody ever seen or come up with something like this, or is this simply too much to ask of a function, and I should consider using a stored procedure?

Related

MySQL Escape characters

I'm having a really hard time figuring out how to replace a special character with another in SQL (MySQL syntax). I've already tried with REPLACE function without success. What I would like to do is:
From this string:
"C:\foo\bar\file.txt"
Obtain this string:
"C:\\foo\\bar\\file.txt"
As I thought - this is an XY problem. MySQL does not require anything from the path. What it does require though is its input to be syntactical. In input, the string literal interprets the sequences of backslash and another character as "escape", which removes special meaning from the next character. Since backslash is such a special character, it can be escaped to remove its special significance: one writes \\ to get a string with a single backslash.
What this means is, if you write 'C:\\foo\\bar\\file.txt' in an SQL command, MySQL will understand it as the string 'C:\foo\bar\file.txt' (like in my comment under your question). If you write 'C:\foo\bar\file.txt', MySQL will understand the backslash as removing the special significance from letters f, b and f (not that they had any in the first place), and the string it will end up with will be 'C:foobarfile.txt'.
Once the string is inside MySQL, it is correct, no replacements are necessary. Thus, you cannot use MySQL's REPLACE to prepare the string for input to MySQL - it is way too late for this. It is kind of like punching the baby in the stomach to pre-chew its food after it has already eaten it, it doesn't work that way and it hurts the baby.
Rather than that, use the language that you use to interface with the database (you didn't tag it, so I can't give you the details) to properly handle the strings. Many languages have functions that will correctly escape strings for you for use by MySQL. Even better, learn about prepared statements and parametrised queries, which completely remove the need for explicit escaping.
The best reference on parametrised queries I can recommend, with remedies for multiple languages, is the Bobby Tables site.
REPLACE function should do the job for you - https://dev.mysql.com/doc/refman/8.0/en/replace.html.
How are you passing the string into REPLACE function?

How do I identify this JSON-like data structure?

I just came across a JSON wannabe that decides to "improve" it by adding datatypes... of course, the syntax makes it nearly impossible to google.
a:4:{
s:3:"cmd";
s:4:"save";
s:5:"token";
s:22:"5a7be6ad267d1599347886";
}
Full data is... much larger...
The first letter seems to be a for array, s for string, then the quantity of data (# of array items or length of string), then the actual piece of data.
With this type of syntax, I currently can't Google meaningful results. Does anyone recognize what god-forsaken language or framework this is from?
Note: some genius decided to stuff this data as a single field inside a database, and it included critical fields that I need to perform aggregate functions on. The rest I can handle if I can get a way to parse this data without resorting to ugly serial processing.
If this can be parsed using MSSQL 2008 that results in a view, I'll throw in a bounty...
I would parse it with a UDF written in .NET - https://learn.microsoft.com/en-us/sql/relational-databases/clr-integration-database-objects-user-defined-functions/clr-user-defined-functions
You can either write a custom aggregate function to parse and calculate these nutty fields, or a scalar value function that returns the field as JSON.
I'd probably opt for the latter in the name of separation of concerns.
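The syntax in the question is the output format of PHP's serialize(): `a:N:{...}` is an array of N key/value pairs and `s:N:"...";` is a string of N bytes. The following is an added sketch, not code from the thread, of the parsing logic a UDF like the one suggested would need; it is written in Python, handles only arrays, strings and integers, and all function names and the sample are constructed for the illustration.

```python
# Constructed sample in the shape of the question's excerpt (count = key/value pairs).
SAMPLE = b'a:2:{s:3:"cmd";s:4:"save";s:5:"token";s:22:"5a7be6ad267d1599347886";}'

def parse(data: bytes):
    """Parse one serialized value (arrays, strings, integers only)."""
    value, pos = _value(data, 0)
    if data[pos:].strip():
        raise ValueError("trailing data after value")
    return value

def _skip_ws(data, pos):
    # Whitespace between items is tolerated so a pretty-printed dump parses too.
    while data[pos:pos + 1].isspace():
        pos += 1
    return pos

def _field(data, pos, stop):
    end = data.index(stop, pos)  # raises ValueError if the delimiter is missing
    return int(data[pos:end]), end + 1

def _expect(data, pos, token):
    if data[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at byte {pos}")
    return pos + len(token)

def _value(data, pos):
    pos = _skip_ws(data, pos)
    tag = data[pos:pos + 2]
    if tag == b"i:":
        return _field(data, pos + 2, b";")
    if tag == b"s:":
        n, pos = _field(data, pos + 2, b":")
        pos = _expect(data, pos, b'"')
        if n < 0 or pos + n > len(data):
            raise ValueError("string length out of range")
        end = _expect(data, pos + n, b'";')
        return data[pos:pos + n].decode("utf-8"), end  # n counts bytes, not characters
    if tag == b"a:":
        n, pos = _field(data, pos + 2, b":")
        pos = _expect(data, _skip_ws(data, pos), b"{")
        items = {}
        for _ in range(n):
            key, pos = _value(data, pos)
            items[key], pos = _value(data, pos)
        return items, _expect(data, _skip_ws(data, pos), b"}")
    # Objects and other tags are rejected rather than instantiated.
    raise ValueError(f"unsupported type tag {tag!r}")
```

Because string lengths are byte counts, the stored column has to be read as bytes in its original encoding; parsing it after a lossy character-set conversion makes the lengths disagree with the data.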

mysql single quote in arithmetic functions

In mysql, if I do something like
round((amount * '0.75'),2)
it seems to work just fine, just like without single quotes for 0.75. Is there a difference in how mysql processes this?
In the hope to close out this question, here's a link that explains type conversion in expression evaluation: https://dev.mysql.com/doc/refman/5.5/en/type-conversion.html
When an operator is used with operands of different types, type
conversion occurs to make the operands compatible. Some conversions
occur implicitly. For example, MySQL automatically converts numbers to
strings as necessary, and vice versa.
mysql> SELECT 1+'1';
-> 2
In your case, MySQL sees arithmetic and performs implicit conversion on any string contained in the expression. There is going to be an overhead in converting a string to number, but it's negligible. My preference is to explicitly type out a number instead of quoting it. That method has helped me in code clarity and maintainability.

should I escape code stored in mysql db or use placeholders?

I just found out about placeholders in DBI https://metacpan.org/pod/DBI#Placeholders-and-Bind-Values and it seems to be handling various codes pretty well.
Should I be forcing escape regardless? Are there any scenarios where the placeholders would fail based on the input?
If you escape them and then use bound placeholders, they will end up double escaped, which is not what you want. Just use placeholders. (I frequently use them even when the input is trusted, because it looks cleaner.)
There is rarely a reason to use escaping instead of placeholders. An example would be dynamically generating and manipulating a query as an SQL string, but you really shouldn't do that anyway (there are plenty of libraries on CPAN for generating SQL).
The only example that I know of in which a placeholder would fail based on input that would not fail with string interpretation would be when you are interpolating column names from a string, LIMIT clauses, or some such (but again, that is dynamically generating SQL like I mentioned above.)
Placeholders >> manual escaping
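The advice in the MySQL escaping answer and in the DBI placeholder answers above, as an added example that is not from either thread: values are bound through `?` placeholders, escaping before binding stores the escape characters themselves, and a column name is checked against an allow-list because an identifier cannot be bound. It uses Python's built-in sqlite3 module as a stand-in for the MySQL and DBI setups discussed; the table, the function names and the sample strings are constructed for the illustration.

```python
import sqlite3

# Constructed sample inputs: a Windows path (backslashes) and a name with an apostrophe.
SAMPLES = [r"C:\foo\bar\file.txt", "O'Brien"]
SORTABLE = {"id", "val"}  # allow-list: identifiers cannot be bound as parameters

def manual_escape(s):
    """MySQL-style literal escaping, shown only to demonstrate double escaping."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, val TEXT)")
    return db

def store(db, value):
    # The value travels separately from the SQL text; no escaping is applied.
    cur = db.execute("INSERT INTO t (val) VALUES (?)", (value,))
    return cur.lastrowid

def fetch(db, row_id):
    return db.execute("SELECT val FROM t WHERE id = ?", (row_id,)).fetchone()[0]

def list_sorted(db, column):
    # A placeholder here would bind the *string* 'val', not the column val,
    # so the identifier is checked against the allow-list and then interpolated.
    if column not in SORTABLE:
        raise ValueError(f"unsupported sort column: {column!r}")
    return [r[0] for r in db.execute(f"SELECT val FROM t ORDER BY {column}")]

def demo():
    db = open_db()
    results = {}
    for s in SAMPLES:
        clean = fetch(db, store(db, s))                   # bound as-is
        doubled = fetch(db, store(db, manual_escape(s)))  # escaped, then bound
        results[s] = (clean, doubled)
    return results

if __name__ == "__main__":
    for original, (clean, doubled) in demo().items():
        print(f"{original!r}: stored {clean!r}; escaped first: {doubled!r}")
```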

Sanitizing database inputs in Matlab?

Does Matlab's database toolbox have a function to sanitize inputs? I can't find any mention of one in the documentation.
I have a bunch of strings that I'd like to write to a MySQL database. Some of the strings contain apostrophes, and these are causing errors. I'm looking for a simple way to preprocess the strings to make them database-friendly.
Also, it's not necessary in my application to be able to reconstruct the original strings exactly. The preprocessing step never needs to be "undone".
In the end I used matlab's genvarname function to preprocess my strings. This function doesn't do database sanitization, per se, and it's not invertible, but it does remove apostrophes. It met my needs.