I am migrating my database from MySQl to SQL Server. My app is built on top of drupal. I am not able to convert the following code to its SQL Server equivalent :
addExpression("GROUP_CONCAT(qa.answer SEPARATOR ',') ", 'lookingfordetails').
What is the SQL Server equivalent of GROUP_CONCAT() and how do I implement it in addExpression()?
I don't know if this works because I can't test it, but I suggest something like this:
$expression = 'STUFF((SELECT ',' + answer as lookingfordetails FROM table FOR XML PATH('')),1 ,1 ,'')';
$query->addExpression($expression);
I think you could see group_concat conversion to other databases:
http://www.sqlines.com/mysql/functions/group_concat
Related
I have the following query that works in MYSQL
$query->whereRaw('
ST_Distance_Sphere(
point(address->>"$.longitude", address->>"$.latitude"),
point(?, ?)
) * .000621371192 < ?
', [$longitude, $latitude, $distance]);
When i deployed to heroku im getting this error
SQLSTATE[42703]: Undefined column: 7 ERROR: column "$.longitude" does not exist
LINE 3: point(address->>"$.longitude", address->>"$.latitu...
Im using postgres on heroku and i know the issue is something to do with the json operator.
What is the $.<json key> syntax called? and how do i convert this raw sql query to postgres?
In the worse case i leaning on switching my database to mysql if i cant solve this by Wednesday as it wont be a big deal
Postgres uses double quotes as delimiter for columns, so you must use single quotes to indicate strings. Laravel will take care of it
st_distance_sphere(
st_point(address->>'$.longitude',address->>'$.latitude'),st_point(?, ?)
)
I want to filter my User table where the concatenation of two columns are equal to a given string.
In this particular case, the SQL query should be like this:
SELECT * FROM User WHERE CONCAT(name, ' ', lastNames) LIKE '%PARTIAL FULLNAME%'
I'm trying to do so using LB4 and the MySQL Connector, but I can't find a way to do it without sending the raw query
Hello from the LoopBack team 👋
LoopBack's query language supports only a subset of features offered by different databases, we are pretty much limited to common operators that are supported by most databases (both SQL and NoSQL).
We don't support computed values (like CONCAT(name, ' ', lastNames)).
I believe sending a raw SQL query is the only options, see Executing database commands for help.
Just make sure to use a prepared SQL statement to avoid SQL injection attacks, something along the following lines:
const result = await repository.execute(
'SELECT * FROM User WHERE CONCAT(name, ' ', lastNames) LIKE ?',
[
`%${partial} ${fullName}%`,
],
);
I'm auditing a project and I found a way to inject data in a query.
The project uses Hibernate and for this piece of code Session.createSqlQuery() and then a .list()
The SQL is something like : "SELECT * FROM tablename ORDER BY column XXXXXX"
XXXXXX can be modified using Fiddler. So I tried
SELECT * FROM tablename ORDER BY column DESC; truncate table tablename;
Unfortunately (well only for my injection attempt) it's not working and I'm getting :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'truncate table tablename'
My question is, since they're using createSQLQuery, are they safe from injection. If they're not, could you give me an example to highlight the issue.
I tried using %08 (Backspace character) thinking I would be able to delete previous query characters for example (It didn't work ;) )
Thanks.
After some research it seems I won't be able to modify data with this security hole, however using ORDER BY (CASE WHEN ...) would allow to "scan" the tables and the data.
Is the column name specified using a parameterized statement or are you just concatenating text?
ex: in perl::DBI, the drivers support the following syntax:
$dbh->do("SELECt * FROM asdf ORDER BY ?", undef, $order_by);
The ? there is a form of parameterized statement which sanitizes the input automatically.
I have the following issue, I trying to obtain data via linked server in sql server 2008 from BMC Remedy
Everything is fine with connection, but when I added WHERE
"Assigned Group" LIKE '*scri%'*, I get error in sql server because of apostrophes which I have to use because BMC Remedy demands it.
Do you know how to create correct syntax or force sql server to use quotation marks instead of apostrophes, or disable spell checking
SELECT *
FROM OPENQUERY(Remedy,
**'**
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
"Assigned Group" LIKE ' scri% '
**'**
)
When doing SQL queries from within Remedy, I usually create a new field and use workflow to build the SQL query.
Also the syntax of the where clause you specified isn't correct. Try this instead:
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
Assigned_Group LIKE 'scri%'
There maybe a white spaces that cause you a problems.
You can also try this one:
SELECT Incident_Number
FROM HPD_Help_Desk
WHERE Assigned_Group LIKE '%scri%'
Or you can try to run this one if you run sql on DB:
SELECT r.Incident_Number
FROM ARADMIN.HPD_Help_Desk as r
WHERE r.Assigned_Group LIKE '%scri%'
Because you're running OPENQUERY, maybe double apostrophes will be needed or double quotes instead of one quote (" intead of ').
Good Luck
I'm converting an app to use SQL Server 2008 that is currently using SQLite. How would I do the following view in SQL Server 2008? I can't seem to figure out the syntax for calling multiple tables:
CREATE VIEW new_mimetypes AS
SELECT
DISTINCT fd.mimetype AS 'newMimetype'
FROM
files_detail AS fd
WHERE
NOT EXISTS (
SELECT
m.mimetype
FROM
mimetypes AS m
WHERE
fd.mimetype = m.mimetype
)
[EDIT]
Nevermind. SQL Server Management Studio was complaining about syntax errors but it still took the SQL. That's what I get for thinking the IDE new what would work!
That syntax looks correct, are you getting an error?
I agree with #Adam Ruth that the syntax looks correct. I also wanted to add that you could use the "EXCEPT" operator as well to achieve the desired result:
CREATE VIEW [dbo].[new_mimetypes]
AS
SELECT mimetype As 'newMimetype' FROM files_detail
EXCEPT
SELECT mimetype FROM mimetypes