Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Today i learned how to create stored procedures in MySQL.
DELIMETER //
CREATE PROCEDURE new(IN first INT)
BEGIN
SELECT * FROM table WHERE first_id= first;
END //
Lets say i created this and called it from PHP; CALL new('4');
or i wrote my sql command directly into PHP
$mysqli->query("SELECT * FROM table WHERE first_id= $first");
I have 20 sql commands in my PHP and i am doing them copy past into phpmyadmin as stored procedures. they are not descreasing. Now what i gain from stored procedure? Just a few letter? or??? Thanks for help.
Stored procedures are a good way for building a clean abstraction layer between what is going on in the database and your server side logic. In addition a stored procedure allows that you specify exactly what kind of data you are expexting (data type and possibly length) which can help to improve security in your application (at least at this "access data from database"-point).
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
Mysql Delete query VS Mysql Triggers (which is fast option?)
Triggers if you want your DBA to be in control of the code.
Query if you want your programmers to be in control of the code.
To clarify:
If it's a trigger, then the implication is that it's part of the database design for things to work that way. i.e. the structure of the database depends on it working that way.
If it's query code, then the implication is that the action is part of your business logic, and not critical to the core structure of the DB.
As mentioned before, they are different things. From MSDN: "A trigger is a special kind of stored procedure that automatically executes when an event occurs in the database server"; whereas a DELETE is a DML statement, that is, statement to manipulate database records. In this case, used for removing database records from a table or view.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to write custom queries using Sequelize, and as far as possible avoid potential issues with SQL Injection. My question is therefore if there exists a secure way of writing custom queries with inserted variables using Sequelize?
Sequelize escapes replacements, which avoids the problem at the heart of SQL injection attacks: unescaped strings. It also supports binding parameters when using SQLite or PostgreSQL, which alleviates the risk further by sending the parameters to the database separately to the query, as documented here:
Bind parameters are like replacements. Except replacements are escaped
and inserted into the query by sequelize before the query is sent to
the database, while bind parameters are sent to the database outside
the SQL query text. A query can have either bind parameters or
replacements.
Only SQLite and PostgreSQL support bind parameters. Other dialects
will insert them into the SQL query in the same way it is done for
replacements. Bind parameters are referred to by either $1, $2, ...
(numeric) or $key (alpha-numeric). This is independent of the dialect.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
If the database used by a server is something other than MySQL, say Mongo DB, then is it possible to execute SQL queries? In such cases how can we perform SQL injection?
I don't expect all the possible commands, but some basic commands if the app is using, say MongoDB.
Yes. This type of attack is possible with any data source which parses queries. In the case of MongoDB, the queries are written in JavaScript instead of SQL but if you build your query like this:
String query = "db.users.find({ age: " + request.getParameter("age") + " });"
then you open the database to similar kinds of attacks.
This is nosql injection, and it is possible.
https://www.owasp.org/index.php/Testing_for_NoSQL_injection
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
How to hide MySQL stored procedure:
Like with encryption is available in SQL Server Store procedure. I try to hide stored procedure to outside users
As documented under SHOW CREATE PROCEDURE Syntax:
This statement is a MySQL extension. It returns the exact string that can be used to re-create the named stored procedure. A similar statement, SHOW CREATE FUNCTION, displays information about stored functions (see Section 13.7.5.10, “SHOW CREATE FUNCTION Syntax”).
Both statements require that you be the owner of the routine or have SELECT access to the mysql.proc table. If you do not have privileges for the routine itself, the value displayed for the Create Procedure or Create Function field will be NULL.
Therfore, to prevent users from viewing the body of a stored procedure, ensure that:
they are not the owner of the sproc; and
they do not have access to the mysql.proc table.
You can read more about The MySQL Access Privilege System.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have a database with Tables and Stored Procedures( with lots of sql statements).
Once a week the Windows Task scheduler pulls data from a different source and saves it in a Database table B. I need to compare Table B with existing Table A and if the quantity of Table B is less than Table A, i need to be notified through Email or any other such process.
How can i do that? Please help me. I could nt get any information from the Net
You can create a sql job, and send mail in sql like this
if (Select COUNT(*) from A) != (select COUNT(*) from B)
begin
EXEC master.dbo.xp_sendmail
#recipients=N'x#x.com;y#x.com',
#message=N'Tables count different',
#subject=N'SQL Tables' ;
End
before send mail in sql you must set sql main and give permissin by
sp_configure 'SQL Mail XPs', 1;
I would personally write a .NET console app and run it as a scheduled task. The app will query the database and processes the results. If it passes, notify of the pass, if it fails, notify of the failure.