I have this stored procedure:
CREATE PROCEDURE get_mysql_user_pass(
IN user_type VARCHAR(16),
IN aes_passphrase VARCHAR(255),
OUT mysql_user VARCHAR(16),
OUT mysql_pass VARCHAR(32),
)
READS SQL DATA
SQL SECURITY INVOKER
BEGIN
DECLARE aes_key VARCHAR(255);
SET #aes_key = SHA1(aes_passphrase);
SELECT
AES_DECRYPT(user_column,#aes_key),
AES_DECRYPT(pass_column,#aes_key)
INTO
mysql_user, mysql_pass
FROM my_table
WHERE my_column = user_type;
END;
The problem:
If I use alpha_numeric like "hosi654dl25lkjdfwhatever" as mysql_pass everything OK, but if I have something like this "rIµ°uþÁYfM09ÃÁôQÇOÅ°jýµàÈWfYf¡½4" as mysql_pass returns grabbled string like "rIµ°uþÃYfM09ÃÃôQÇOÅ°jýµà ÈWfYf¡½4".
I call it from PHP
The question:
Is there any method to encode out string parameter "mysql_pass" and make it readable in PHP? (because the decryption seem be correct)
Related
I'm using AppConnect v12 and I'm trying to write a DB stored procedure from esql using the below piece of code:
CREATE PROCEDURE getCustomer_SP (
IN custNo INT,
INOUT responseCode CHAR)
RETURNS INT
LANGUAGE DATABASE
EXTERNAL NAME "DBSchemaDev.SPName";
where the DBSchema varies from environment to another, so I need it to be variable according to the environment and I will get its value from config. file
For example, for test environment, it is called DBSchemaTest and so on..
I tried the below
DECLARE DBSchema CHARACTER 'DBSchemaDev';
CREATE PROCEDURE getCustomer_SP (
IN custNo INT,
INOUT responseCode CHAR)
RETURNS INT
LANGUAGE DATABASE
EXTERNAL NAME DBSchema || ".SPName";
but it is not working,
I tried also below
DECLARE DBSchema CHARACTER 'DBSchemaDev';
CREATE PROCEDURE getCustomer_SP (
IN custNo INT,
INOUT responseCode CHAR)
RETURNS INT
LANGUAGE DATABASE
EXTERNAL NAME "{DBSchema}.SPName";
but it is not working as well,
so I was wondering if there is possibility to use variables in the EXTERNAL NAME field
Solution found. I used to call the stored procedure as below
DECLARE DBSchema CHARACTER 'esb'; --where esb is retrieved from config. file
CALL getCustomer_SP(custNo, responseCode) IN Database.{DBSchema};
where I removed the schema name from the stored procedure definition as below
CREATE PROCEDURE getCustomer_SP (
IN custNo INT,
INOUT responseCode CHAR)
RETURNS INT
LANGUAGE DATABASE
EXTERNAL NAME "SPName";
I have two stored procs which i call from my laravel application.
My laravel application passes in a cID parameter which is then passed to the stored procedure as the "where clause". But it seems something is going astray and possibly my variables arent set up properly.
Also i know that laravel IS passing the correct cID to my stored proc because i enabled the logs for mysql to see if it was passing any params.
Also the stored procedure select statement runs fine as a query if i manually set the ClientID = '';
My stored proc sends ALL clients and cards to the view, totally ignoring the where clause.
Laravel code:
Route::get('/clients/{cID}', function ($cID) {
$details = DB::select('CALL sp_Details(' . DB::raw($cID) . ')');
$cards = DB::select('CALL sp_Cards(' . DB::raw($cID) . ')');
return view('client.show', compact('details','cards'));
});
Any my Stored Proc
CREATE DEFINER=`root`#`localhost` PROCEDURE `sp_Details`(IN cID int )
BEGIN
SET #ClientID = cID;
SELECT
ClientID,
Client_Name
FROM accounts
where #ClientID = cID;
END
Stored Proc #2
CREATE DEFINER=`root`#`localhost` PROCEDURE `sp_Cards`(cID int)
BEGIN
SET #ClientID = cID;
SELECT
ClientID,
Code
FROM cards
where cID = #ClientID;
END
You are using local variables like #ClientID and you are confusing it to column names, must change your code to avoid them and there is no necessary use the local variable:
CREATE PROCEDURE `sp_Details`(IN cID int )
BEGIN
SELECT
ClientID,
Client_Name
FROM accounts
where ClientID = cID;
END
The other proc:
CREATE PROCEDURE `sp_Cards`(cID int)
BEGIN
SELECT
ClientID,
Code
FROM cards
where ClientID = cID;
END
I am trying to write a simple procedure but am encountering a syntax error at the first parameter. As best I can tell I'm following the syntax of CREATE PROCEDURE correctly.
I am limited to accessing my database with phpMyAdmin. Here is the create script I'm trying to run:
DROP PROCEDURE IF EXISTS product_index_swap/
CREATE PROCEDURE product_index_swap (#id INT, #oldIndex INT, #newIndex INT)
BEGIN
DECLARE #swapID;
SET #swapID = (SELECT `id` FROM `product` WHERE `order_index` = #newIndex LIMIT 1);
UPDATE `products` SET `order_index` = (CASE WHEN `id` = #id THEN #newIndex
WHEN `id` = #swapID THEN #oldIndex END)
WHERE `id` IN (#id, #swapID);
END
I am using the option on phpMyAdmin to change the delimiter to /.
I receive a syntax error "near '#id INT, #oldIndex INT....". I thought I may encounter more delimiter errors since I'm not entirely clear on the scope of them. I believe if that was the problem the error would be on a new line in the procedure when it failed to understand a semicolon, not at the parameters declaration.
You're using the Microsoft SQL Server convention of putting # before all the parameters and local variables. MySQL doesn't do this.
In MySQL syntax, procedure parameters have no sigil.
Also parameters are typically declared IN or OUT or INOUT.
CREATE PROCEDURE product_index_swap (IN id INT, IN oldIndex INT, IN newIndex INT)
BEGIN
DECLARE swapID;
...
MySQL variables that have the # sigil are session variables.
See also:
https://dev.mysql.com/doc/refman/5.7/en/create-procedure.html
https://dev.mysql.com/doc/refman/5.7/en/declare-local-variable.html
https://dev.mysql.com/doc/refman/5.7/en/set-variable.html
In MySQL, the #var variables are session level variables.
Use normal variables without the # and make sure you do not have conflict with column names:
CREATE PROCEDURE product_index_swap (in_id INT, in_oldIndex INT, in_newIndex INT)
BEGIN
DECLARE v_swapID int;
SELECT id into v_swapID
FROM product
WHERE order_index = in_newIndex
LIMIT 1;
UPDATE products
SET order_index = CASE WHEN id = in_id THEN in_newIndex
WHEN id = v_swapID THEN in_oldIndex
END
WHERE id IN (in_id, v_swapID);
END
Create Proc getinfo
(
#Studentid int,
#karan varchar(200) out
)
As
Begin
select #karan= Firstname+' '+Lastname from tbl_students where Studentid=#studentid
End
enter image description here
There is nothing wrong with the getinfo proc. Your exec statement is not quite right and need to declare and assign a variable to accept the returned value, and you need a select to see it
declare #name varchar(100)
set #name = ' '
execute getinfo #studentid = 11000,#karan = #name output
select #name name
note this is a sql server answer since that appears to be what you are using.
I am trying to write a Mysql Function to return a contactID if the record exists based on the parameters supplied, If the record is not present, I am adding the record and then returning the contactID of the new record.
But the function is throwing 1048error, Can you check and correct me if I went wrong in writing this.
DELIMITER $$
CREATE DEFINER=`root`#`%` FUNCTION `GetContactID`(accountNumber CHAR(45),UserID INT(11)) RETURNS char(1) CHARSET latin1
DETERMINISTIC
BEGIN
DECLARE ContactID INT DEFAULT 0;
SELECT ContactID INTO #ContactID FROM Contact WHERE AccountNumber = #accountNumber AND UserID = #UserID AND Status =1;
IF ContactID = 0 or ContactID is null THEN
INSERT INTO Contact(AccountNumber,UserID) VALUES (#accountNumber,#UserID);
SELECT ContactID INTO #ContactID FROM Contact WHERE AccountNumber = #accountNumber AND UserID = #UserID;
END IF;
RETURN ContactID;
END
Can someone help me where I went wrong.
Thanks
The problem results from mixing user variables, local variables and parameters.
#UserId is not the same as UserId - they are different variables.
UserId is also a name of column in the table.
User defined variables are wirtten as #var_name, are stored in the user session and can be used to pass values between differend stored routines that reference them, see this link for details: http://dev.mysql.com/doc/refman/5.7/en/user-variables.html
local variables are declared in stored routines using DECLARE keyword, their scope is local within the stored routine, see this link for details: http://dev.mysql.com/doc/refman/5.7/en/declare-local-variable.html
Parameters of function/procedure - they are declared in the procedure/function declaration, they are used to pass parameters to the stored routine from the caller, can be also used to return results from the routine to the caller (if declared as OUT or INOUT). Their scope is similar to local variables. For details see this link: http://dev.mysql.com/doc/refman/5.7/en/create-procedure.html
Try this code:
DELIMITER $$
CREATE DEFINER=`root`#`%` FUNCTION `GetContactID`(p_accountNumber CHAR(45),p_UserID INT(11)) RETURNS char(1) CHARSET latin1
DETERMINISTIC
BEGIN
DECLARE v_ContactID INT DEFAULT 0;
SELECT ContactID INTO v_ContactID
FROM Contact
WHERE AccountNumber = p_accountNumber AND UserID = p_UserID AND Status =1;
IF v_ContactID = 0 or v_ContactID is null THEN
INSERT INTO Contact(AccountNumber,UserID)
VALUES (p_accountNumber,p_UserID);
SELECT ContactID INTO v_ContactID FROM Contact
WHERE AccountNumber = p_accountNumber AND UserID = p_UserID;
END IF;
RETURN v_ContactID;
END;
Notice that:
function parameters are declared with prefix p_
local variables are declared with prefix v_
the function doesn't use any user variables (prefixed by #)
These prefixes help to avoid ambiguity - we know that p_UserID is a parameter, v_UserId is a local variable, and UserID is a column name in the table (If we would use #UserId, we knew that this was the user variable).