Is there any equivalent command in Informix for MySQL's 'Replace' ? I'm just finding references to the string manipulation function.
Thanks!
Modern versions of Informix (11.70, 12.10) support the MERGE statement which, I think, can do the job that MySQL REPLACE does. It might require some care coding it correctly.
Related
Newer MySQL versions (as well as SQLite and other databases supported by Knex.js) offer a great way to partially update JSON columns: JSON_MERGE_PATCH (aka JSON_PATCH in SQLite). As far as I can tell, Knex.js doesn't offer this functionality. One could use it with the raw() function in Knex.js, but I don't see how we could use it without having to write the whole SQL query from scratch.
How would you use Knex.js to perform a JSON_MERGE_PATCH in a same .update() statement that updates other non-JSON columns as well?
Found this workaround:
knex(table)
.where('id',id)
.update({
textColumn: textColumnUpdatedString,
// ... other columns
jsonColumn: knex.raw('JSON_MERGE_PATCH(??,?)',['jsonColumn', JSON.stringify(jsonUpdateObject)]) }
})
According to Node.js' mysql package documentation:
In order to avoid SQL Injection attacks, you should always escape any user provided data before using it inside a SQL query. You can do so using the mysql.escape(), connection.escape() or pool.escape() methods.
I cannot find any documentation / reference to using prepared statements with mysql, except for in a reference to using '?' characters. It states the following:
Alternatively, you can use ? characters as placeholders for values you would like to have escaped...
This looks similar to prepared statements in MySQL, however it really
just uses the same connection.escape() method internally.
From my experience with talking to other developers, the general consensus in the developer community is that prepared statements are the ONLY safe way to perform mysql queries from Node.js however, as you can see with the mysql package, there is no obvious support for prepared statements. However, it is indicated that their method for avoiding SQL injection is via the usage of the escape functions.
My Question:
Are the escape functions in the mysql package sufficient enough to securely query a mysql database (without the use of prepared statements)?
Escaping is actually just as safe as using parameterized queries, if you do it consistently.
But it's recommended to use parameters because it makes your code simpler. Therefore developers are probably more likely to do it.
If the Node.js library makes it just as convenient as parameters, but implements it internally by modifying query strings, replacing the ? marks with the parameter values, then you're good.
For what it's worth, Python's MySQL driver does this too, and also PHP's PDO extension when the "emulate prepares" option is in effect. As long as those libraries are well-tested, it should be safe.
FWIW, both escaping and parameters is limited in SQL injection prevention, because in both cases, you can only protect values that you would combine with your SQL query. You cannot protect identifiers (like table names, or column names), or SQL keywords, or expressions, etc. In these cases, just be careful that you have vetted any dynamic content before combining it with your SQL query.
See also:
Preventing SQL injection in Node.js
Difference between real_escape_string and prepare()?
I am thinking to write a converter that takes any oracle query and return Postgresql format of the query assuming table and columns are same.
what I do right now I do timely conversions so I have basic understanding about both and want some expert advice that is it easily possible or not?
Try to use "commercial" version of PostgreSQL - EnterpriseDB. It has an compatibility layer for Oracle.
If you're about to write the "convector" by your own: look at this github project: https://github.com/porcelli/plsql-parser. It's open-source parser for Oracle's SQL dialect. I have to warn you, even if you have AST for Oracle query it is still a lot of to do to convert AST into other SQL dialect. You will also need plenty of sample queries for testing. You can find some sample queries in this project's tests folder.
Also similar project was implemented for MySQL, but I can not find it's homepage now.
Part of the solution is to make available in PostgreSQL the functions available in Oracle. You can have a look at http://orafce.projects.pgfoundry.org/
"The goal of this project is to implemente some functions from Oracle database. Some date functions (next_day, last_day, trunc, round, ...), string functions and some modules (DBMS_ALERT, DBMS_OUTPUT, UTL_FILE, DBMS_PIPE, ...) are implemented now. Funcionality was verified on Oracle 10g and module is useful for production work."
Not possible for every query. They each have syntax and functionality that the other does not -- for example, the MODEL clause in Oracle, or PostgreSQL's special form of "SELECT DISTINCT ON".
Mostly, Oracle has functionality that PostgreSQL doesn't: http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_10002.htm
Are there any SQL Validators that can check syntax against multiple database servers?
For example, I might want to check whether a particular query will work against Oracle, MySQL and SQL Server.
I am more concerned about the SQL syntax than the actual schema being queried, so a tool that can catch major syntax errors, like detecting that the limit clause is not supported in SQL Server and Oracle would be good enough.
EDIT:
Several answers have suggested checking syntax for a particular DBMS or for ANSI Standard.
What I am looking for a possibility of targeting a sort of union of features between two or more databases (say SQL Server and Oracle). I would like to be able to use any SQL feature that is supported by all of the DBMS I am targeting in a particular application.
I am not sure if it is worthwhile. I think it depends upon the number of non-ANSI features shared by several databases. If there are very few, then perhaps it will be better to target the ANSI standard.
I'm not aware of any that are that specific, these will check that the statements are valid ansi 92/99/2003...
http://developer.mimer.com/validator/index.htm
That will get you 99% of the way there (especially if are only doing CRUD operations)
maybe if you know which reserved words are used by which database you could roll your own simple checker..
see : How to find if a column name is a reserved keyword across various databases
(as already mentioned) If your goal is to create a database agnostic system think about using a third party tool e.g: entityspaces
For the MySQL: try automatic SQL syntax check feature in dbForge Studio for MySQL.
For the Oracle: PL/SQL Editor in dbForge Studio for Oracle
This is an online mysql syntax checker, but this is mysql only
http://www.piliapp.com/mysql-syntax-check/
You can use https://www.db-fiddle.com/. It supports the following DBs
MySQL 8.0
MySQL 5.7
MySQL 5.6
MySQL 5.5
PostgreSQL 13
PostgreSQL 12
PostgreSQL 11
PostgreSQL 10.0
PostgreSQL 9.6
PostgreSQL 9.5
PostgreSQL 9.4
SQLite 3.30
SQLite 3.26
I'm converting procedures from Oracle to MySQL.
Is there any feature like packages in MySQL ?
If it is not there, what is the substitute for packages in MySQL ?
Unfortunately there is no equivalent AFAIK.
See this MySQL bug : Bug #11696 - Please add CREATE MODULE syntax, or Oracle PACKAGE equivalent
Mysql supports stored procedures - the namespace of this is at the database level - there is no explicit support for creating namespaces at a lower level, and the '.' scope operator seeprates databases and objects.
So there is no equivalent entity in MySQL to an Oracle package.