MySQL/NODEJS INSERT variable starting with a number - mysql

From an API i need to save this variable item.preview_urls.3d_viewer
But why i get invalid syntax with that? I think thats the "3" in the name... thats showing pink color in my sublime text but how can i use that variable from the api?
Thats the REPLACE INTO (INSERT) for my table
REPLACE INTO `item` (item_preview_3D) VALUES ('+ pool.escape(item.preview_urls.3d_viewer) + ')'
Its in Javascript (js)
But i get everytime invalid syntax, cause i think there is a "3" in the variable name
How can i get it run?
I dont have access to the api i call
The error
pool.query('REPLACE INTO `item` (item_preview_3D) VALUES ('+ pool.escape(item.preview_urls.3d_viewer) + ')', function(ee, rr) {});
SyntaxError: Invalid or unexpected token
The code works with other api variables, thats only this 3d_viewer
The sql Table is only item_preview_3D with VARCHAR(255)
I get this error when starting the node! Not when executing the query!

Related

Getting SQL error for replace function

I'm not to sure why this is happening and i've been trying to figure it out now for a while.
I've got the follow code
SELECT (MAX(replace(replace(replace(`sku`,'PA1-',''),'TES-',''),'BOX-',''))+1) AS maxValue FROM `product` WHERE `sku` LIKE '%PA1-TES-BOX%'
This was working a while back and nothing has changed code wise, I can only assume that a server changes has caused this to return the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'maxValue FROM ``product`` WHERE ``sku`` LIKE '%PA1-TES-BOX%'
Basically this SQL was built to find the first 3 section of this SKU code and return the ending + 1 so 002 would then return 003 to ensure unique sku codes.
Maybe the replace function has changed, i'm not entirely sure.
Does anyone have any ideas why this suddenly is throwing the error above?
I don't see an obvious syntax error. But assuming the number is the last hyphenated item in the sku, the code could more easily be written as:
select (substring_index(sku, '-', -1) + 1) as maxvalue
. . .
One possibility for the syntax error is that an unprintable character crept in around the as.

Can double-hyphens in strings be escaped?

i have an delphi application that sends MySQL queries to our server. The following query fails
INSERT INTO `KPT`.`Internalorders`
(`InternalOrderId`, `UserId`, `Text`, `MailSent`,
`Done`, `PartlyDone`, `Ordered`)
VALUES (0, NULL, '- Teststring -- Teststring -', NULL, 1, 1, 1)
with this error message:
MySQL Error Code: (1064)
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''- Teststring' at line 1
It looks like the string gets wordwrapped internally in the third-party-components i use for database access (MySQLDAC) and forms to
'- Teststring
-- Teststring -'
which would lead to treating the second part as a comment. Because i dont have the possibility to change the third-party tools, i'm hoping that theres is a way to escape double-hyphens.
Is there?
You can solve this using parameters and it will yield you several big advantages:
no problems with strings and quotes (as you found out)
resiliency against SQL injection.
Reusable & fast update queries (just change the parameter value and execute again)
Query is easier to read and maintain.
So your query becomes:
INSERT INTO `KPT`.`Internalorders`
(`InternalOrderId`, `UserId`, `Text`, `MailSent`,
`Done`, `PartlyDone`, `Ordered`)
VALUES (0, NULL, :Text, NULL, 1, 1, 1)
Assign the Text parameter via the Params object or use the ParamByName method on the query object and execute it.

Special Characters in Scriptella, jexl

I want to extract a text field from a database and insert it into some other database. So while extracting I used the REPLACE(message_text,'\'', '"') while selecting the test. I gave me an error. I changed that from my select statement and did it while initiating the global variable.
etl.globals['message_text'] = message_text;
still I'm getting an error at the insert statement
insert into lcs_al_user_likes(user_id,liked_user_id,post_content,loop_id) values('${etl.globals['posted_by']}','${etl.globals['liked_user_id']}','${etl.gl‌​obals['message_text']}',?batchLoopCounter);
saying
*You have an error in your SQL syntaxcheck the manual that corresponds to your MySQL server version for the right syntax to use near 'message_text']}')' at line 1*
I think it is not getting the global variable. That I say because when i print its value using log it just gives me
${etl.globals['message_text']}
as output. So please help me out here.
<query connection-id="lcsDBConnection">
SELECT forum_topic_post_id AS forum_topic_post_id, posted_by AS posted_by,message_text as message_text FROM lcs_tbl_forum_topic_post WHERE like_count>0 LIMIT ?batchSize OFFSET ?queryCounter ;
<script connection-id="jexl">
etl.globals['forum_topic_post_id'] = forum_topic_post_id;
etl.globals['posted_by'] = posted_by;
etl.globals['message_text'] = message_text.replace('\'', '"');
</script>
It looks like the problem is in INSERT statement, you should use prepared statement
parameters escaping:
INSERT INTO lcs_al_user_likes(user_id,liked_user_id,post_content,loop_id) values(?{etl.globals['posted_by']},?{etl.globals['liked_user_id']},?{etl.gl‌​obals['message_text']},?batchLoopCounter);
BTW As I understand, your original problem was quotes breaking the insert statement, so in this case with ?{parameter} syntax you don't need to use replace(...) function at all.

MySQL Error 1064 - 'Define Function' Syntax

I am barely learning MySQL (moving from SQLite). I am trying to create a custom function within the MySQL command line client, but am hitting errors that I can't correct - and can't find answers to online. My first function began as this:
CREATE FUNCTION myDatabase.LCASE_ASCII_VALUE_AT(
unparsedLine VARCHAR(1024),
linePos int
) RETURNS int DETERMINISTIC
return ASCII( LCASE( RIGHT( CHAR_LENGTH(unparsedLine) - linePos + 1) ) );
I got this error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') )' at line 10
Any pointers on where my syntax went wrong? I suspected these, but they didn't fix the problem:
Perhaps MySQL does not like compound statements like return ASCII( LCASE( .... But even after manually unraveling the statement, I still got the same error (but on a line in the newly unraveled statement - I leave out the unraveled statement to save space).
Perhaps the DELIMITER $$ [function definition] END $$ DELIMITER ; business is mandatory - but that didn't fix the error, and MySQL documentation gives an example of a one-line function where DELIMITER is not needed. (the 'hello' function at https://dev.mysql.com/doc/refman/5.0/en/create-procedure.html)
EDIT: Added that I am creating this function within MySQL command line client.
right requires two arguments, the string itself and the number of characters. You've only given the character count.
Try this instead:
return ASCII( LCASE( RIGHT( unparsedLine, CHAR_LENGTH(unparsedLine) - linePos + 1) ) );
Also, you may find that substr is a better option since there's no need to calculate the argument to right in that case, something like:
return ASCII( LCASE( SUBSTR( unparsedLine, linePos, 1 ) ) );

DB2 Exception Handling

The problem that I am facing is primarily on Exception Handling! When an exception occurs I want to put that data in another log table with the error message. However, in DB2 I am not able to figure out a way to retrieve the corresponding error message for the raised SQLSTATE.
PS: I have a stored procedure for this migration and I am not using any other language to call it.
Though, I have already queried about this and infact I got some valuable pointers.
Refer: DB2 Exception handling
However, if I use the basic SQLERRM function then for a basic 23502 I get the following message:
"SQLSTATE 23502: An insert or update value is null, but the column cannot contain null values."
Whereas what I really want is the Column name that threw this error, appended to this message! Is there any way, the DB2 could give me a complete error, with the column name the error was raised in?
Thanks in advance ;-)...
Harveer
You need to retrieve all of the tokens from the SQLCA when you encounter such an error. The tokens will contain either the table name and column name, or the numeric table id and column position within the table, starting with zero. The SQLERRM function takes in those tokens and uses them to reconstruct an error message that is as detailed as what you see from the command line.