I have a mysql stored procedure like this:
CREATE DEFINER=`root`#`localhost` PROCEDURE `accounts_summary_by`(
IN **created_by** int(10)
)
BEGIN
SET group_concat_max_len=2048;
SET #sql = NULL;
SELECT
GROUP_CONCAT(
DISTINCT CONCAT(
'MAX(IF(fiscal_year = ''',
fiscal_year,
''', amount, 0)) AS ',
CONCAT("'",fiscal_year,"'")
)
) INTO #sql
FROM
net_savings;
SET #sql = CONCAT('SELECT accounts.id,
accounts.account,
accounts.region,
accounts.cluster,
accounts.industry, ,'
,#sql,
'FROM net_savings join accounts
on accounts.id = net_savings.account_id
Where accounts.user_id = **created_by**
GROUP BY accounts.account,net_savings.account_id
ORDER BY accounts.id');
PREPARE statement FROM #sql;
EXECUTE statement;
DEALLOCATE PREPARE statement;
END
But upon calling the procedure like these:
CALL accounts_summary_by(2)
2 is a user_id reference to another table called users.
It gave me an error. Please help as I can't find any fixed to my problem.
0 72 23:41:12 CALL `buckets`.`accounts_summary_by`(1) Error Code: 1054. Unknown column 'created_by' in 'where clause' 0.000 sec
MySQL's internal programming language is not php, it is not going to resolve variables within a text, so you need to concat it properly to the middle of the prepared statement:
SET #sql = CONCAT('SELECT accounts.id,
accounts.account,
accounts.region,
accounts.cluster,
accounts.industry,'
,#sql,
'FROM net_savings join accounts
on accounts.id = net_savings.account_id
Where accounts.user_id ='
,created_by
,'GROUP BY accounts.account,net_savings.account_id
ORDER BY accounts.id');
Since created_by is a parameter of the procedure, you do not need to preposition it with #.
Related
I am trying to get it so that I can use a variable in the column name but it doesn't seem to be working.
select
v.name as concat(#person,'\'s Vendor')
,sum(t.amount) as 'Total'
from
total t
inner join vendor v
on v.d = t.d
where
t.who = #person
and v.name is not null
and t.sub_cat not like 'Payment'
and year(date) = (year(sysdate())-1)
and amount > 0
group by
v.name
order by
sum(amount)
desc limit 20;
The above throws an error but below works.
select
v.name as 'John\'s Vendor'
,sum(t.amount) as 'Total'
from
total t
inner join vendor v
on v.d = t.d
where
t.who = #person
and v.name is not null
and t.sub_cat not like 'Payment'
and year(date) = (year(sysdate())-1)
and amount > 0
group by
v.name
order by
sum(amount)
desc limit 20;
Basically, I want to be able to add the person variable and some more text as the column name to better identify the purpose of the data, in this case, who the data is about. Also, I would like to use this as a stored procedure:
create procedure GetTotals(IN person varchar(10));
delimiter //
begin
above working code
end //
delimiter ;
You can use dynamic sql for such queires
SET #sql = CONCAT("select
v.name as '",#person,
"\\'s Vendor'
,sum(t.amount) as 'Total'
from
total t
inner join vendor v
on v.d = t.d
where
t.who = #person
and v.name is not null
and t.sub_cat not like 'Payment'
and year(date) = (year(sysdate())-1)
and amount > 0
group by
v.name
order by
sum(amount)
desc limit 20;");
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
Keep in mind thsi can be used for sql injection, so a white list for the name is in order
Why not just add the parameter as its own column with a fixed column name. Your return process will be responsible for presenting and can just use that extra column as the "who's" it for purposes. Ex:
select
v.name,
sum(t.amount) as 'Total',
concat(#person,'\'s Vendor') as ForWho
from
Yes, every row will return a result of ex: "John's Vendor" in the column ForWho, but at least you wont have to format that in the return set, you have the column.
Identifiers, including aliases, must be fixed at the time the query is parsed. You can't make an alias that depends on an expression.
You could make a dynamic SQL query by formatting an SQL statement using your #person variable:
SET #sql = CONCAT(
'select v.name as `', concat(#person,'\'s Vendor'), '`,',
...
' where t.who = ? ',
...
);
PREPARE stmt FROM #sql;
EXECUTE stmt USING #person;
DEALLOCATE PREPARE stmt;
The value of #person can be set as the parameter where the ? placeholder appears in the prepared query syntax. But the usage in the column alias cannot be parameterized. So you just have to be careful that the value of #person is safe to use in that position.
You should delimit the alias with back-ticks like any other identifier, to protect from syntax errors if #person contains whitespace or punctuation characters.
I have a really basic question that I've been unable to find the answer to so far. I've read several answers but they don't seem to be working for me.
I'm not looking for someone to debug this (unless you are feeling super helpful!) I just would like some help to debug it myself.
I have the following procedure that I'm in the process of writing. I've obviously made a mistake but can someone show me the best way to debug this. When I call this procedure in phpMyAdmin I can't see what the value of #sql is.
I tried entering SELECT #sql; but that didn't seem to work as nothing was displayed when I called the procedure.
How can I find out what the value of #sql is so that I can properly debug this.
Thanks in advance.
BEGIN
set #sql = (select concat('SELECT a.id as "Asset ID", ',
group_concat(
concat('max(case when ap.property_id = ',ap_id, ' then ap.', ap_data_type, '_value else null end) as "', ap_name,'",')
)
,' FROM chekrite_prod.equipment AS a JOIN chekrite_prod.asset_properties ap on ap.asset_id = a.id group by a.site_id, a.asset_id;'
)
from
(
SELECT i.id as ap_id, item as ap_name, asset_property_data_type as ap_data_type
FROM chekrite_prod.config_items as i
JOIN chekrite_prod.config_tables as t on t.id = i.table_id
WHERE t.company_id = 161 AND t.class = 'asset_property' ) a
)
;
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END
I am attempting to use UF Dashbuilder which adds syntax to my SQL query and I don't know how to correct it.
The call that works is similar to:
call database.report ('1234', 'txt');
Dashbuilder turns it into this which does not work:
SELECT * FROM (call database.report ('1234', 'txt');) AS `dbSQL` LIMIT 1
I could also use the code below from the end of the stored procedure to store the results in a table and then SELECT * FROM TABLE in Dashbuilder, but I don't know how to store the results in a table (dynamic number of columns).
Can you please tell me how I can make a stored procedure work with SELECT * added or how I can store the results from this code in a table?
SET #sql = NULL;
SET SESSION GROUP_CONCAT_MAX_LEN = 1000000; -- default is 1024
SELECT
GROUP_CONCAT(DISTINCT
CONCAT(
'MAX(IF(question = ''', REPLACE(question,"'", "\\'"), ''', answer, NULL)) AS ''', REPLACE(question,"'", "\\'"), ''''
)
) INTO #sql
FROM tmp2;
SET #sql = CONCAT('SELECT id, datestamp, ', #sql, ' FROM tmp2 GROUP BY id');
-- SELECT #sql;
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
UPDATE 1.
COMMENTS TO ANSWER 1:
Results from original #SQL:
`SET #sql = CONCAT('SELECT id, datestamp, ', #sql, ' FROM tmp2 GROUP BY id');`
SELECT id, datestamp, MAX(IF(question = '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}. Is that right?', answer, NULL))
AS '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}. Is that right?',
MAX(IF(question = '2. Is this the provider you usually see if you need a check-up, want advice about a health problem, or get sick or hurt?', answer, NULL))
AS '2. Is this the provider you usually see if you need a check-up, want advice about a health problem, or get sick or hurt?',
MAX(IF(question = 'Area', answer, NULL)) AS 'Area',MAX(IF(question = 'Encounter', answer, NULL)) AS 'Encounter' FROM tmp2 GROUP BY id
Results from #SQL:
ERROR: Error Code: 1166. Incorrect column name '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}'
I guess there is a character that it does not like such as the single quotes?
SET #tableName = 'myreport';
SET #sql = CONCAT('CREATE TABLE ', #tableName, ' AS SELECT id, datestamp, ', #sql, ' FROM tmp2 GROUP BY id');
CREATE TABLE myreport AS SELECT id, datestamp, MAX(IF(question = '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}. Is that right?', answer, NULL))
AS '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}. Is that right?',
MAX(IF(question = '2. Is this the provider you usually see if you need a check-up, want advice about a health problem, or get sick or hurt?', answer, NULL))
AS '2. Is this the provider you usually see if you need a check-up, want advice about a health problem, or get sick or hurt?',
MAX(IF(question = 'Area', answer, NULL)) AS 'Area',MAX(IF(question = 'Encounter', answer, NULL)) AS 'Encounter' FROM tmp2 GROUP BY id
UPDATE 2:
THIS WORKS!!! THANKS!
I have to reduce the length of the column name as shown below. Then I can run the stored procedure twice per day and select * from this table in Dashbuilder.
CREATE TABLE myreport AS SELECT id, datestamp, MAX(IF(question = '1. Our records show that you got care from the provider named below in the last 6 months. {Provider}. Is that right?', answer, NULL))
AS '1.',
MAX(IF(question = '2. Is this the provider you usually see if you need a check-up, want advice about a health problem, or get sick or hurt?', answer, NULL))
AS '2.',
MAX(IF(question = 'Area', answer, NULL)) AS 'Area',MAX(IF(question = 'Encounter', answer, NULL)) AS 'Encounter' FROM tmp2 GROUP BY id
UPDATE 3: This works! Thanks!
SET #t = CONCAT('DROP TABLE IF EXISTS ', survey_report );
PREPARE stmt FROM #t;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
SET #sql = NULL;
SET SESSION GROUP_CONCAT_MAX_LEN = 1000000; -- default is 1024
SELECT
GROUP_CONCAT(DISTINCT
CONCAT(
'MAX(IF(question = ''', REPLACE(question,"'", "\\'"), ''', answer, NULL)) AS ''', REPLACE(udf_clean_column_name(15, udf_remove_tags(question)),"'", "\\'"), ''''
)
) INTO #sql
FROM tmp2;
SET #sql = CONCAT('CREATE TABLE ', survey_report, ' AS SELECT id, datestamp, ipaddr, ', #sql, ' FROM tmp2 GROUP BY id');
-- SELECT #sql;
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
DROP TEMPORARY TABLE IF EXISTS `survey_lookup`;
DROP TEMPORARY TABLE IF EXISTS `tmp`;
DROP TEMPORARY TABLE IF EXISTS `tmp2`;
Mysql Function to remove spaces, etc. from the column names.
CREATE FUNCTION `udf_clean_column_name`(col_name_len INT, str varchar(200)) RETURNS varchar(200)
BEGIN
SET str = SUBSTRING(str,1,col_name_len);
SET str = TRIM(str);
SET str = Replace(str,' ','_');
SET str = Replace(str,'-','');
SET str = Replace(str,'?','');
SET str = Replace(str,',','');
SET str = Replace(str,'.','');
RETURN str;
END;
Mysql function to remove tags (I don't recall where I got this function).
CREATE FUNCTION `udf_remove_tags`(Dirty varchar(4000))
RETURNS varchar(4000)
DETERMINISTIC
BEGIN
DECLARE iStart, iEnd, iLength int;
WHILE Locate( '<', Dirty ) > 0 And Locate( '>', Dirty, Locate( '<', Dirty )) > 0 DO
BEGIN
SET iStart = Locate( '<', Dirty ), iEnd = Locate( '>', Dirty, Locate('<', Dirty ));
SET iLength = ( iEnd - iStart) + 1;
IF iLength > 0 THEN
BEGIN
SET Dirty = Insert( Dirty, iStart, iLength, '');
set Dirty = Replace(Dirty,' ',''); #No space between & and nbsp;
set Dirty = Replace(Dirty,'\r','');
set Dirty = Replace(Dirty,'\n','');
END;
END IF;
END;
END WHILE;
RETURN Dirty;
END;
I don't see any mention of stored procedures in the UF DashBuilder documentation, so it looks like they don't have a way around this.
You can create a table from a SELECT query. If you omit the column specifications, they'll be derived automatically from the select list of the query.
SET #sql = CONCAT('CREATE TABLE ', tableName, ' AS
SELECT id, datestamp, ', #sql, ' FROM tmp2 GROUP BY id');
PREPARE stmt FROM #sql
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
The following is the stored function:
DELIMITER //
CREATE FUNCTION `calcMedian`(
`tbl` VARCHAR(64),
`clm` VARCHAR(64)
) RETURNS decimal(14,4)
BEGIN
SELECT AVG(middle_values) AS 'median'
INTO medRslt
FROM (
SELECT t1.clm AS 'middle_values'
FROM
(
SELECT #row:=#row+1 as `row`, table_column_name
FROM tbl, (SELECT #row:=0) AS r
ORDER BY clm
) AS t1,
(
SELECT COUNT(*) as 'count'
FROM tbl
) AS t2
WHERE t1.row >= t2.count/2 and t1.row <= ((t2.count/2) +1)) AS t3;
RETURN medRslt;
END//
DELIMITER ;
I then proceed to execute the following query:
USE ap2;
SELECT vendor_id, calcMedian('invoices', 'invoice_total')
FROM invoices i
WHERE vendor_id = 97
GROUP BY vendor_id;
I get the error message:
SQL Error (1146): Table 'ap2.tbl' doesn't exist *
I understand that the following may be better off as stored procedure/prepared statement rather than function. I just want to take things one step at a time now.
Also I made a different function to simply output the value stored in the variable 'tbl', and it displayed the correct table name (invoices in this case).
Identifiers in a SQL statement cannot be provided as values. Identifiers (table names, column names, function names, etc.) must be specified in the SQL text.
To get the value of the tbl variable (procedure argument) used as a table name within a SQL statement in the procedure, you can use dynamic SQL.
Set a variable to the SQL text, incorporate the string value, and then execute the string as a SQL statement. As an example:
SET #sql = CONCAT( 'SELECT AVG(middle_values) AS `median`'
, ' INTO medRslt'
, ' ... '
, tbl
, ' ... '
);
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
Be aware that incorporating string values into the SQL text makes the procedure subject to SQL Injection vulnerabilities.
If I had to do this, I would reduce the potential for SQL Injection by verifying that tbl does not contain a backtick character, and enclose/escape the identifier in backticks, e.g.
CONCAT( ' ...' , '`' , tbl , '`' , ' ... ' );
^^^ ^^^
I've put together a simple stored procedure in which two parameters are passed through to make it more dynamic. I've done this with a prepared statement in the "First Two Digits and Count of Records" section.
What I'm not sure of is if I can make the SET vTotalFT section dynamic with a prepared statement as well.
At the moment I have to hard-code the table names and fields. I want my vTotalFT variable to be assigned based on a prepared dynamic SQL statement, but I'm not sure of the syntax. The idea is that when I call my procedure, I could tell it which table and which field to use for the analysis.
CREATE PROCEDURE `sp_benfords_ft_digits_analysis`(vTable varchar(255), vField varchar(255))
SQL SECURITY INVOKER
BEGIN
-- Variables
DECLARE vTotalFT int(11);
-- Removes existing table
DROP TABLE IF EXISTS analysis_benfords_ft_digits;
-- Builds base analysis table
CREATE TABLE analysis_benfords_ft_digits
(
ID int(11) NOT NULL AUTO_INCREMENT,
FT_Digits int(11),
Count_of_Records int(11),
Actual decimal(18,3),
Benfords decimal(18,3),
Difference Decimal(18,3),
AbsDiff decimal(18,3),
Zstat decimal(18,3),
PRIMARY KEY (ID),
KEY id_id (ID)
);
-- First Two Digits and Count of Records
SET #s = concat('INSERT INTO analysis_benfords_ft_digits
(FT_Digits,Count_of_Records)
select substring(cast(',vField,' as char(50)),1,2) as FT_Digits, count(*) as Count_of_Records
from ',vTable,'
where ',vField,' >= 10
group by 1');
prepare stmt from #s;
execute stmt;
deallocate prepare stmt;
SET vTotalFT = (select sum(Count_of_Records) from
(select substring(cast(Gross_Amount as char(50)),1,2) as FT_Digits, count(*) as Count_of_Records
from supplier_invoice_headers
where Gross_Amount >= 10
group by 1) a);
-- Actual
UPDATE analysis_benfords_ft_digits
SET Actual = Count_of_Records / vTotalFT;
-- Benfords
UPDATE analysis_benfords_ft_digits
SET Benfords = Log(1 + (1 / FT_Digits)) / Log(10);
-- Difference
UPDATE analysis_benfords_ft_digits
SET Difference = Actual - Benfords;
-- AbsDiff
UPDATE analysis_benfords_ft_digits
SET AbsDiff = abs(Difference);
-- ZStat
UPDATE analysis_benfords_ft_digits
SET ZStat = cast((ABS(Actual-Benfords)-IF((1/(2*vTotalFT))<ABS(Actual-Benfords),(1/(2*vTotalFT)),0))/(SQRT(Benfords*(1-Benfords)/vTotalFT)) as decimal(18,3));
First, to use dynamic table/column names, you'll need to use a string/Prepared Statement like your first query for #s. Next, to get the return-value from COUNT() inside of the query you'll need to use SELECT .. INTO #vTotalFT.
The following should be all you need:
SET #vTotalFTquery = CONCAT('(select sum(Count_of_Records) INTO #vTotalFT from
(select substring(cast(', vField, ' as char(50)),1,2) as FT_Digits, count(*) as Count_of_Records
from ', vTable, '
where ', vField, ' >= 10
group by 1) a);');
PREPARE stmt FROM #vTotalFTquery;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
Please note: the variable name has changed from vTotalFT to #vTotalFT. It doesn't seem to work without the #. And also, the variable #vTotalFT won't work when declared outside of/before the query, so if you encounter an error or empty results that could be a cause.
SELECT CONCAT (
'SELECT DATE(PunchDateTime) as day , '
,GROUP_CONCAT('GROUP_CONCAT(IF(PunchEvent=', QUOTE(PunchEvent), ',PunchDateTime,NULL))
AS `', REPLACE(PunchEvent, '`', '``'), '`')
,'
FROM tbl_punch
GROUP BY DATE(PunchDateTime)
ORDER BY PunchDateTime ASC
'
)
INTO #sql
FROM (
SELECT DISTINCT PunchEvent
FROM tbl_punch
) t;
PREPARE stmt
FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;