I'm having trouble generating a query in Codeigniter. The problem is
$this->db->select('user.*')
->join('user_group', 'user.group_id BETWEEN user_group.start_range AND user_group.end_range', 'left');
This code generates the following query:
SELECT `user`.* FROM (`user`) LEFT JOIN `user_group` ON `user`.`group_id` `BETWEEN` user_group.start_range AND user_group.end_range
Here, the mysql can not recognize the BETWEEN which is inside the quote character, how can I generate the query without wrapping with the quote character. Please, give me any suggestion.
I'm using codeigniter 2.2.0
You would need to either override the $_reserved_identifiers variable in the CI_DB_driver class to look like the following
var $_reserved_identifiers = array('*', 'BETWEEN'); // Identifiers that should NOT be escaped
(Note im not sure what if this reduces security)
https://github.com/bcit-ci/CodeIgniter/blob/2.2-stable/system/database/DB_driver.php#L67
The other option is to replicate the between operator using >= and <=
Related
I have this SQL statement in an ASP page querying the database and I need to convert it to MySQL.
SELECT DISTINCT trelMapSU.Site, trelMapSU.MapNum, tlkpSUTyp.SUTyp,
tblSU.SUNum, tlkpSUDesc.SUDesc,
CDbl(IIf(IsNumeric( [tblSU]![SUNum]),[tblSU]![SUNum],
Left([tblSU]![SUNum],
InStr(1,[tblSU]![SUNum],'-')-1)
)
)
FROM tlkpSUTyp
I am new to this and found that CDbl means to convert a value to a double which still make very little sense to me even with the examples I have found. It also seems that the Left command returns a specified number of characters from the left side of a string. A Little more clear but I am still not sure what this is trying to accomplish. Can someone explain how to convert this to MySQL?
UPDATE
Could someone translate what this means:
CDbl(IIf(IsNumeric( [tblSU]![SUNum]),[tblSU]![SUNum],
Left([tblSU]![SUNum],
InStr(1,[tblSU]![SUNum],'-')-1)
)
)
I think if I knew that I could get somewhere.
I have a problem when I want to fetch data from data base
The problem lies in the use of(-) exemple (code-produit)
With that I can not change anything in data base
Requet:
SELECT `Commande.numéro-Commande`,`Date`,`Code-Produit`,`Désignation`,`Prix-Unitaire`,`Qte`
FROM `client`,`commande`,`produit`,`ligne-commande`
WHERE `client.Code-client`=`commande.Code-client` and
`commande.Numèro-commande`=`ligne-commande.Numèro-commande` and
`ligne-commande.Code_Produit`=`produit.Code-Produit` and
`code-client`=5
Error:
Set the table for the last code-client (code-client=5), it could be from client or commande, so set the table
If you want to use hyphen - in your table/column name(s), you should consider wrapping it using backticks. Otherwise, MySQL parser would read it as subtraction operator. My recommendation is to use underscore _ instead of hyphen -.
Secondly, please don't use Old comma based Implicit joins and use Modern Explicit Join based syntax
SELECT Commande.`numéro-Commande`,
Date,
`Code-Produit`,
Désignation,
`Prix-Unitaire`,
Qte
FROM client
JOIN commande ON client.`Code-client` = commande.`Code-client`
JOIN produit ON `ligne-commande`.Code_Produit=produit.`Code-Produit`
JOIN `ligne-commande` ON commande.`Numèro-commande` = `ligne-commande`.`Numèro-commande`
WHERE client.`code-client` = 5
I have a problem with the way of escape of Query Builder in Codeigniter 3.0.
For example, this code
echo $this->db->select('ROUND(3.456, 1) AS T1')->get_compiled_select();
Return:
SELECT ROUND(3.456, `1)` AS `T1`
The function put backticks after a coma, but this is solved by setting FALSE the second parameter. But the function "from" put always backticks:
echo $this->nm->db->from('(SELECT ROUND(3.456, 1)) AS T1')->get_compiled_select()
Return:
SELECT * FROM (SELECT ROUND(3.456, `1))` AS `T1`
I'm using Codeigniter 3.0. The problem exists since Codeigniter 2.2. I need use the Query Builder beacuse it's very easy to use, but its escape method is troublesome. How stop the escaping in the function from?
Thanks.
I found a solution, but I'm not sure use it. In "database.php" file should be added a new element for the config array of database connection.
$db['default']['_protect_identifiers'] = FALSE;
That code disable the escape mode. But is it advisable? What is the risk of disabling the escaping system?
Thanks.
or you can disable on current query and enable it again rather on whole app. Before query, insert
$this->db->_protect_identifiers = FALSE;
and after query, set to TRUE to enable it again.
In my Django app, I need to generate a MySQL query like this:
SELECT * FROM player WHERE (myapp_player.sport_id = 4 AND (myapp_player.last_name LIKE 'smi%'))
UNION
SELECT * FROM player WHERE (myapp_player.sport_id = 4 AND (myapp_player.first_name LIKE 'smi%'));
I can't use Q objects to OR together the __istartswith filters because the query generated by the Django ORM does not use UNION and it runs at least 40 times slower than the UNION query above. For my application, this performance is unacceptable.
So I'm trying stuff like this:
Player.objects.raw("SELECT * FROM myapp_player WHERE (sport_id = %%s AND (last_name LIKE '%%s%')) UNION SELECT * FROM sports_player WHERE (sport_id = %%s AND (first_name LIKE '%%s%'))", (sport.id, qword, sport.id, qword))
I apologize for the long one-liner, but I wanted to avoid using a triple-quoted string while trying to debug this type of issue.
When I execute or repr this queryset object, I get exceptions like this:
*** ValueError: unsupported format character ''' (0x27) at index 133
That's a single-quote in single quotes, not a triple-quote. If I get rid of the single-quotes around the LIKE clauses, then I get a similar exception about the close-paren ) character that follows the LIKE clause.
Apparently Django and MySQL disagree on the correct syntax for this query, but is there a syntax that will work for both?
Finally, I'm not sure that my %%s syntax for string interpolation is correct, either. The Django docs suggest that I should be able to use the regular %s syntax in the arguments for raw(), but several online resources suggest using %%s or ? as the placeholder for string interpolation in raw SQL.
My sincere thanks for just a little bit of clarity on this issue!
I got it to work like this:
qword = word + '%'
Player.objects.raw("SELECT * FROM myapp_player WHERE (sport_id = %s AND (last_name LIKE %s)) UNION SELECT * FROM myapp_player WHERE (sport_id = %s AND (first_name LIKE %s))", (sport.id, qword, sport.id, qword))
Besides the fact that %s seems to be the correct way to parameterize the raw query, the key here was to add the % wildcard to the LIKE clause before calling raw() and to exclude the single quotes from around the LIKE clause. Even though there are no quotes around the LIKE clause, quotes appear in the query ultimately sent to the MySQL sever.
i try to fetch a result with this request, which works in phpayadmin:
$result_med = db_query("SELECT node.nid AS nid,
node.created AS node_created
FROM dr_wiwe_node node
LEFT JOIN dr_wiwe_content_type_classified node_data_field_classified_valid_till ON node.vid = node_data_field_classified_valid_till.vid
WHERE ((node.type in ('classified')) AND (node.status <> 0))
AND (DATE_FORMAT(STR_TO_DATE(node_data_field_classified_valid_till.field_classified_valid_till_value, '%Y-%m-%dT%T'), '%Y-%m-%d\T%H:%i:%s') >= '2010-09-16T22:34:05')
ORDER BY node_created DESC LIMIT 1");
var_dump($result_med);
while ($node = db_fetch_object($result_med)) {
//var_dump ($node);}
In the hardcoded php Version it returns nothing. If I var_dump $result_med, I am getting:
resource(552) of type (mysql result)
Where is my error?
The problem is probably caused by db_query() treating parts of your datetime formatting strings as query parameters, which it tries to replace.
So you'll need to add additional '%' characters to your existing ones to escape them, thus preventing the parameter substitution process from trying to replace them.
See the "If a query that has % in them" comment from the db_query api documentation for an example.
A cleaner/more readable solution might be to just use '%s' placeholders for the formatting strings in the query and then add the actual formatting strings as arguments to the db_query call, as suggested by Eli.