I want to run a parameterized query in MySQL database from RStudio.
Like there is a table, say TEST, which contains name and age columns. I want to fetch data from TEST where age > 30. I can use paste() to build the query but I want the value 30 as a parameter.
So I was trying the below code :
> myQ<-dbSendQuery(conn,"SELECT * FROM TEST WHERE age > ?")
> dbBind(myQ,list(30))
> dbFetch(myQ)
But after the 1st line it is giving the below error :
Error in .local(conn, statement, ...) : could not run statement:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '?' at line 1
Can anyone please help me on how to achieve this?
Edit 1
I can achieve this using the below code, but I don't want this :
> age<-30
> myQ<-dbSendQuery(conn,paste("SELECT * FROM TEST WHERE age >",age))
> dbFetch(myQ)
Is there any way to achieve my requirement?
Edit 2
See the screenshot below, for reference go this link
You may be using the legacy 'DBI' interface RMySQL::MySQL() as your driver for DBI::dbConnect(). The error you got cleared up for me when I switched to the suggested RMariaDB::MariaDB() driver. Per your screenshot, the DBI docs do imply the RMySQL driver.
Related
We are connecting Hadoop cloudera CDH distribution through ODBC driver. Queries are generated from SSRS. Few queries are working fine with parameters augmented through ? placeholder. Few other queries with parameters augmented through ? are not executing.
Error [HY000][Cloudera][ImpalaODBC] (100) error while executing a query in Impala[HY000] : AnalysisException : syntax error in line 1 where Date >= ? and Date <= ?
^Encountered : Unexpected characterExpected : Case... Exception : syntax error.
If i remove where Date >= ? and Date <= ? or supply the hard coded value then query is working perfect.
Few other queries with same filter are working perfect.
What should be recommended investigation points?
Where could i get the exact impala transformed query to investigate whether query is generated correct or not ?
You have a couple of options:
/var/log/impalad/audit stores audit logs (at least in CDH). Those logs contain sql_statement field that stores executed sql queries
Impala has a web server running on a 25000 port. You could connect
with your browser and see queries executed (/queries tab).
If you are using Cloudera Manager, you could see all executed impala
queries in "impala/queries"
I need to search same query on multiple columns using fatfree.
This works correctly on one column:
$f3->set('list', $users->find(array('name LIKE ?','%'.$queries.'%')));
However, if I try:
$f3->set('list', $users->find(array('name, email LIKE ?','%'.$queries.'%')));
I get error:
PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' email LIKE '%invent%'' at line 1
How can I do this?
Regards.
It should be:
$f3->set('list', $users->find(array(
'name LIKE ? OR email LIKE ?',
'%'.$queries.'%',
'%'.$queries.'%'
)));
NB: PDO doesn't allow to use a same placeholder twice so you have to give twice the same argument ('%'.$queries.'%').
I want to parse the content of xml files and create queries to insert/update some of the xml content in a database.
So far I am able to generate the SQL queries in a processor, populate the body with them, then I would like to run them with the SQL component.
First please let me know if this is not the recommended way to do.
(for instance I feel like the SQL component is meant to run only 1 query).
...
.process(new XmlToSqlProcessor())
.to("sql:${in.body}?dataSource=dataSource")
Doesn't work, ${in.body} is not replaced by its content (meaning the set of queries generated in the processor):
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '${in.body}' at line 1
Should I do all the work in the processor (I wanted to avoid all the database boilerplate though), or maybe use the JDBC component?
If yes can you confirm that the SQL component can only run 1 query and can not parse Simple Expression Language? (I also tried :#${body} that I saw there https://issues.apache.org/jira/browse/CAMEL-7455 but as expected it's considered as a param, not a whole query)
Thanks!
EDIT: after more reading it seems like the SQL component and the JDBC component as well can execute only 1 query. So, having my own processor is apparently the only choice... let me know if I am wrong ;-)
You are right, sql component will execute only 1 query and will not evaluate ${in.body}. You miss two concepts in your route:
Splitter (http://camel.apache.org/splitter.html)
RecipientList
(http://camel.apache.org/recipient-list.html)
Try something like:
...
.process(new XmlToSqlProcessor())
.split().body()
.recipientList(simple("sql:${in.body}?dataSource=dataSource"))
I'm using JDevelper 11.1.2.4 and MySql DB 5.6.19. The version of JConnector I am using is mysql-connector-java-5.1.30-bin.
I've created two tables country and city.
In table city, there is foreign key to link it with the country table.
JDevelper have created associations and view links for these tables which I've tested using ADF Model Tester and they are looking fine.
I've created a transient column CountryName and set the default value (as Expression) to Country1.CountryName.
Now when I run the ADF Model Tester again, I get the following error:
(oracle.jbo.SQLStmtException) JBO-27122: SQL error during statement preparation.
Statement:
SELECT CountryEO.country_id, CountryEO.country_name, CountryEO.country_code,
CountryEO.country_short_name, CountryEO.currency_id, CountryEO.created_date,
CountryEO.created_by, CountryEO.last_updated_date, CountryEO.last_updated_by
FROM cms.country CountryEO WHERE CountryEO.country_id = ?
----- Level 1: Detail 0 -----
(com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException)
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
'OPTION SQL_SELECT_LIMIT=1' at line 1
What may be the problem?
Please check your country view object query by sql puls / toad etc. If its correct please post your question
I'm auditing a project and I found a way to inject data in a query.
The project uses Hibernate and for this piece of code Session.createSqlQuery() and then a .list()
The SQL is something like : "SELECT * FROM tablename ORDER BY column XXXXXX"
XXXXXX can be modified using Fiddler. So I tried
SELECT * FROM tablename ORDER BY column DESC; truncate table tablename;
Unfortunately (well only for my injection attempt) it's not working and I'm getting :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'truncate table tablename'
My question is, since they're using createSQLQuery, are they safe from injection. If they're not, could you give me an example to highlight the issue.
I tried using %08 (Backspace character) thinking I would be able to delete previous query characters for example (It didn't work ;) )
Thanks.
After some research it seems I won't be able to modify data with this security hole, however using ORDER BY (CASE WHEN ...) would allow to "scan" the tables and the data.
Is the column name specified using a parameterized statement or are you just concatenating text?
ex: in perl::DBI, the drivers support the following syntax:
$dbh->do("SELECt * FROM asdf ORDER BY ?", undef, $order_by);
The ? there is a form of parameterized statement which sanitizes the input automatically.