So I have an assignment that is asking for me to add data into a table using the SELECT command. I've always known to use the insert into command or the Update command so I'm a little confused.
There are 2 tables, one named 'Book' and one named 'Fiction'. Book already has data in the table, I need to insert values from book into fiction using the select tool.
If someone could help explain it would be great,
Thank you!
What the assignment means, is to still use a INSERT query, but with an SELECT query attached to insert rows quickly from one table to another.
With INSERT ... SELECT, you can quickly insert many rows into a table
from the result of a SELECT statement, which can select from one or
many tables. For example:
INSERT INTO tbl_temp2 (fld_id)
SELECT tbl_temp1.fld_order_id
FROM tbl_temp1 WHERE tbl_temp1.fld_order_id > 100;
Source: https://dev.mysql.com/doc/refman/5.7/en/insert-select.html
Related
I have a SQL script that contains hundreds of queries.
I need to do an INSERT INTO query, but only if a row with all same fields doesn't exist.
Is there a short way to do it ? I don't want to add a WHERE NOT EXISTS on each query, it will takes too much time...
MERGE INTO Table_Name Tar
USING Table_Name src
ON Tar.Field1=src.Field1 AND Tar.Field2=src.Field2 AND Tar.Field3=src.Field3
WHEN NOT MATCHED
THEN
INSERT (...) VALUES(src..)
GO
This is rough code .Try this.
Maybe my question above may be could be stupid , but I just want to know if is it possible to have insert query inside select or where.
The reason that I want to know that is if someone hack website or any application database, can the hacker input data to hacked database without my knowledge ?
the following example of SQL injection I see in other sites
http://www.example.com/empsummary.php?id=1 AND 1=-1 union select 1,group_concat(name,0x3a,email,0x3a,phone,0x2a),3,4,5,6,7,8,9 from employee
I know what exactly that above query does, but can the hacker input (use insert query) on the database or on any table ?
Yes, it can happen, if the database interface is configured to allow multiple statements in a query.
An INSERT can't run as part of a SELECT statement. But it's possible that the exploit of a vulnerability could finish a SELECT and then execute a separate insert.
Say you have a vulnerable statement like this:
SELECT foo FROM bar WHERE fee = '$var'
Consider the SQL text when $var contains:
1'; INSERT INTO emp (id) VALUES (999); --
The SQL text could be something like this:
SELECT foo FROM bar WHERE fee = '1'; INSERT INTO emp (id) VALUES (999); --'
If multi-statement queries are enabled in the database interface library, it's conceivable that an INSERT statement could be executed.
See: https://www.owasp.org/index.php/SQL_Injection
I have been easily using
SELECT * INTO newtable IN 'another_database'
FROM original_table_in_separate_database;
to backup/copy data from one table to another table easily in MSSQL.
Now i am moving to MYSQL and cannot accomplish this task as this feature is not available in MYSQL.
Though CREATE TABLE ... SELECT can somehow accomplish the task in same database, but not with two different database.
Please help me if there is any idea :)
Thanks in advance .
You can use INSERT INTO .. SELECT FROM construct like
INSERT INTO db1.dbo.newtable
SELECT * FROM db2.dbo.original_table_in_separate_database;
Point to note: For INSERT INTO .. SELECT to work both the target table and inserting table must exist. Otherwise, use CREATE TABLE AS ... SELECT like
CREATE TABLE newtable
AS
SELECT * FROM db2.dbo.original_table_in_separate_database;
This is mostly an academic problem as I try to learn SQL better. Is there a way to do this in a single SQL statement, without first doing a row count, then another statement to insert?
Traditionally I'll do this:
SELECT COUNT(*) FROM mytable;
Then in PHP's result object I'll know the number of rows. let's say I call it $totalrows. Then I'll do
INSERT INTO mytable (`rows`) VALUES ($totalrows);
This of course requires separate queries and PHP.
I wonder if there is a way to accomplish the same using a single SQL statement? I'm using mysqli.
Of course:
INSERT INTO mytable (`rows`)
SELECT COUNT(*)
FROM mytable;
Is it necessary to define the new table definition before using SELECT INTO query in MYSQL.
I am getting problem to execute the query when I writ e like:
SELECT *
INTO newtable
FROM oldtable
WHERE 1=0;
the error showing is:
Undeclared variabie: newtable
if you have newtable
try :
INSERT INTO newtable SELECT ...
if you don't have newtable
try :
CREATE TABLE newtable AS SELECT ...
The MySQL manual search engine is terrible but googling for something like mysql 5.5 select into will normally take you to the right page:
MySQL Server doesn't support the SELECT ... INTO TABLE Sybase SQL
extension. Instead, MySQL Server supports the INSERT INTO ... SELECT
standard SQL syntax, which is basically the same thing.
If you read the documentation here it says:
With INSERT ... SELECT, you can quickly insert many rows into a table from one or many tables
So, yes, you need to create the new table first.
You can use CREATE TABLE new LIKE old to create a new, empty table, which is a copy of the original table structure.