How do I get the raw SQL string sent to the server from the ORM? How do I intercept it in order to do custom work?
I want to forward the query to a custom driver. My target is MS SQL Server via NodeJS - from a Linux environment.
But I don't want to reinvent the wheel. I want to reuse the existing SqlServer query builder.
As long as your query is not executed by toArray() or something similar, you can use $q->sql() to retrieve the raw sql query that cakePHP will execute:
$q = $this->Model->find('all');
$this->log($q->sql()); // log raw sql query
$query = $this->find();
debug($query);
$query is a query object from where you can get the raw SQL expression.
Related
Is it possible to use JOOQ to form a simple string query without creating factory using connection as compile time check is not required?
I dont want to establish the connection first and generate the classes
Yes you can execute SQL as strings. But you will loose all benefits from code completion will writing queries and the type safety and this is the many advantage of jOOQ over using plain JDBC.
// Create a Query object and execute it:
Query query = create.query("DELETE FROM BOOK");
query.execute();
// Create a ResultQuery object and execute it, fetching results:
ResultQuery<Record> resultQuery = create.resultQuery("SELECT * FROM BOOK");
Result<Record> result = resultQuery.fetch();
Please also checkout the documentation. https://www.jooq.org/doc/3.13/manual-single-page/#sql-execution
I'm using a MySql database and was trying to find a MySQL alternative to tedious.js (a SQL server parameterised query builder).I'm using Node.js for my backend.
I read that the .raw() command from knex.js is susceptible to sql injection, if not used with bindings.
But are the other commands and knex.js as a whole safe to use to prevent sql injection? Or am I barking up the wrong tree?
Read carefully from knex documentation how to pass values to knex raw (http://knexjs.org/#Raw).
If you are passing values as parameter binding to raw like:
knex.raw('select * from foo where id = ?', [1])
In that case parameters and query string are passed separately to database driver protecting query from SQL injection.
Other query builder methods always uses binding format internally so they are safe too.
To see how certain query is passed to database driver one can do:
knex('foo').where('id', 1).toSQL().toNative()
Which will output SQL string and bindings that are given to driver for running the query (https://runkit.com/embed/2yhqebv6pte6).
Biggest mistake that one can do with knex raw queries is to use javascript template string and interpolate variables directly to SQL string format like:
knex.raw(`select * from foo where id = ${id}`) // NEVER DO THIS
One thing to note is that knex table/identifier names cannot be passed as bindings to driver, so with those one should be extra careful to not read table / column names from user and use them without properly validating them first.
Edit:
By saying that identifier names cannot be passed as bindings I mean that when one is using ?? knex -binding for identifier name, that will be rendered as part of SQL string when passed to the database driver.
Is there any Online Web Tool that Convert mySQL Query To Zend FrameWork Query.
that is i type mySql Query and the Tool Convert it to Zend FrameWork equivalent Query
You don't need a tool for this. Within Zend Framework's Zend_Db, component, you can do:
$stmt = $db->query($sql);
If $sql is a select, then you can retrieve the data with:
$rows = $stmt->fetchAll();
Alternatively, ZF is just a PHP framework, so there's nothing stopping you continuing to use PDO or mysqli directly.
I have a this model:
class Document(models.Model):
data = models.TextField()
users = models.ManyToManyField(User)
How would you convert the following query for the model above to raw sql?
Document.objects.annotate(num_users=Count(users))
I need to switch this to raw sql because there is a bug in django when using MySql that makes annotate very slow.
But I'm not sure how to handle the many to many field in raw sql..
Document.objects.raw('SELECT ...')
The easiest way to translate your Django query to SQL is to simply look at the SQL that Django generates: How can I see the raw SQL queries Django is running?
you can get corresponding query the way mentioned below:
queryset = Document.objects.annotate(num_users=Count(users))
sql_query = queryset.query
print(sql_query)
if you have a console application, you can do it very easily. You can assign the console output to the context.log
context.log = console.out;
my application is using asp.net mvc3 and linq to sql. I want to see the raw sql statement after it gets translated, so I can improve the performance. how do i monitor the output?
You can do something like this:
var dc = new DataContext(AppSettings.GetConnectionString());
dc.Log = new System.IO.StreamWriter(#"C:\linq.log");
Then just make sure you use that datacontext to get your tables. As soon as that datacontext is used to access the database the SQL will be output to the logfile.