I am working in a stored procedure that is fetching queries from a table and execute them.
The problem is that I have some queries with single/doubled quotes and it is throwing an error on execute them.
Procedure
delimiter $$
drop procedure if exists run_change_ids_queries$$
create procedure run_change_ids_queries()
begin
declare s_query TEXT;
declare done bool default false;
declare c_queries cursor for
select `query` from `queries` WHERE `executed` = 0 ORDER BY `qry_id` ASC;
declare continue handler for not found set done = true;
open c_queries;
read_loop: loop
fetch c_queries into s_query;
if done then
leave read_loop;
end if;
-- run the query
set #sql = s_query;
prepare stmt from #sql;
execute stmt;
deallocate prepare stmt;
-- update executed flag on query
set #update = CONCAT('UPDATE `queries` SET `executed` = 1 WHERE `query` LIKE \'',#sql,'\';');
prepare stmt from #update;
execute stmt;
deallocate prepare stmt;
end loop;
end$$
Query update urisegments as s inner join change_product_ids as p on concat('{"product_id":"', p.old_id, '"}') = s.primary_key_value set s.primary_key_value = CONCAT('{"product_id":', p.new_id, '"}') where s.app_namespace = 'Shop' and s.primary_key_value like '%product_id%'; is throwing error: [42000][1064] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '{"product_id":"', p.old_id, '"}') = s.primary_key_value set s.primary_key_value ' at line 1
Workaround #01
I already tried to escape single/doubled quotes into \' and \" respectively, but it throws another error:
[42000][1064] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'{\"product_id\":\"\', p.old_id, \'\"}\') = s.primary_key_value set s.primary_k' at line 1.
Don't try to concatenate the query into the SQL. Prepared statements can contain placeholders, which you fill in when you use the EXECUTE statement.
set #update = 'UPDATE `queries` SET `executed` = 1 WHERE `query` = ?');
prepare stmt from #update;
execute stmt USING #sql;
The statement is not escaped.
All single/doubled quotes should be escaped.
update urisegments as s
inner join change_product_ids as p on concat(\'{\"product_id\":\"\', p.old_id, \'\"}\') = s.primary_key_value
set s.primary_key_value = CONCAT(\'{\"product_id\":\', p.new_id, \'\"}\')
where s.app_namespace = \'Shop\' and s.primary_key_value like \'%product_id%\';
Instead of testing for the query, test for its id:
... WHERE qry_id = ?
(Add that column to the initial SELECT.)
Related
I try to execute a variable query within a custom mysql function, here's the script :
DELIMITER $
CREATE FUNCTION is_present(in_id BIGINT, in_table_name VARCHAR(255)) RETURNS BIT
BEGIN
DECLARE stm VARCHAR(255);
DECLARE result BIT DEFAULT 0;
SET stm := CONCAT('SELECT IF(COUNT(*), 1, 0) INTO result FROM', in_table_name, 'WHERE id=? LIMIT 1');
PREPARE query FROM stm;
EXECUTE query USING in_id;
DEALLOCATE PREPARE query;
RETURN result;
END $
DELIMITER ;
Mysql warns me about the syntax :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use
near 'stm; EXECUTE query USING in_id; DEALLOCATE PREPARE query;
RETURN result; ' at line 9
I think you are missing a semicolon before var name:
PREPARE query FROM :stm;
The error mysql is throwing is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'NULL' at line 1
My using phpmyadmin to wreite procedures.
and my stored procedure is
BEGIN
DECLARE page_limit int(100);
DECLARE page_no VARCHAR(100);
DECLARE rstarts int(100) DEFAULT 1;
DECLARE rends int(100) DEFAULT 15;
DECLARE query varchar(255) ;
set query = ' select brandid from brandinfo limit #rstarts,#rends';
PREPARE stmt FROM #query;
set rstarts = 15;
set rends =1;
EXECUTE stmt using #rstarts,#rends;
DEALLOCATE PREPARE stmt;
END
Declared variables and variables beginning with # are two different stories. Read about user defined variables (the ones with #).
DELIMITER $$
CREATE PROCEDURE your_procedure_name()
BEGIN
SET #rstarts = 1;
SET #rends = 15;
set #query = 'select brandid from brandinfo limit ?, ?';
PREPARE stmt FROM #query;
EXECUTE stmt using #rstarts, #rends;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;
Also in your query string you want to use ? as parameters, not the variable names. And you might miss on setting the delimiter to something different than ;
Quick question,
using the code bellow, im able to use a sp to perform a delete from any table, but i dont know how to use concat to delete with the where statement.
CREATE DEFINER = `root`#`%` PROCEDURE `fn_del_t`(in t_name varchar(50), isrv char(50))
BEGIN
set #table_name = t_name;
set #iserver = isrv;
# not working with where.
set #sql_text = concat('delete from ',#table_name, 'where iserver =',#iserver);
# ---- not working with where
prepare stm from #sql_text;
execute stm;
DEALLOCATE prepare stm;
END;
call fn_del_t('the_table','localhost');
The error im receiving is:
[SQL] call fn_del_t('the_table','localhost');
[Err] 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'iserver =localhost' at line 1
Sorry for my english.
Able to solve with:
CREATE DEFINER = `root`#`%` PROCEDURE `fn_del_t`(in t_name varchar(50), isrv char(50))
BEGIN
set #table_name = t_name;
set #iserver = isrv;
#
set #sql_text = concat("delete from ",#table_name," where iserver ='",#iserver,"'");
prepare stm from #sql_text;
execute stm;
DEALLOCATE prepare stm;
END
This is the stored procedure I'm trying to use
DELIMITER ##
CREATE PROCEDURE exportFile()
BEGIN
DECLARE filename VARCHAR(255);
SET filename = CONCAT('~/Sample',NOW(),'.csv'));
SET #outfilestmt = concat('SELECT * INTO OUTFILE ',"'", filename,"'",' FROM Results') ;
PREPARE stmt FROM #outfilestmt;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END ##
DELIMITER ;
This is the error I get
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ');
SET #outfilestmt = concat('SELECT * INTO OUTFILE ',"'", filename,"'",' FROM R' at line 6
Desired Result:
call exportFile
--~/Sample2012-03-14-10:42:51.cvs
call exportFile
--~/Sample2012-03-14-10:42:52.cvs
call exportFile
--~/Sample2012-03-14-10:42:53.cvs
A semicolon is missing after
SET filename = CONCAT('~/Sample',NOW(),'.csv'))
and one brace is too much (also noted by Devart. Thanks). Change it to
SET filename = CONCAT('~/Sample',NOW(),'.csv');
Tested it to be sure. Works!
When creating the following procedure I receive this error message:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
'd_query;
set d_result = execute stmt;
deallocate prepare stmt; ' at line 15
But after checking I can't see the error. Line 15 relates to 'if d_query is not null then'.
Is this the true error? Or is it not happy to accept an execute as an assignment to d_result?
Any help would be greatly appreciated.
delimiter |
create procedure runtests()
begin
declare d_test_id char(20);
declare d_query text;
declare d_result text;
declare cur cursor for select test_id, query, result from datavalidator order by test_id;
open cur;
repeat
fetch cur into d_test_id, d_query, d_result;
if d_query is not null then
prepare stmt from d_query;
set d_result = execute stmt;
deallocate prepare stmt;
update datavalidator set result = d_result;
end if;
until done end repeat;
close cur;
end;
|
delimiter ; |
"Note that a literal string expression or a user variable are the only ways you can specify the statement to be prepared.", from this documentation.
Try writing the value into a user variable before trying to prepare, perhaps something like:
set #q_sql = d_query;
...or write directly into the user variable in the fetch line.