Is there any equivalent for the Oracle DBMS function DBMS_LOB.SUBSTRING on Mysql?
if not how can I get the text of BLOB in MYSQL server? (I only need to use SQL no other programming languages)
Please try dbms_lob.substr which is equivalent to DBMS_LOB.SUBSTRING
Get the Oracle value passed to dbms_lob.substr and prefix the value with 0x without quotes for the MySQL insert statement.
I did tried for my case and succeeded.
Related
I see JOOQ doesn't support MySQL's IF Function, But I find iif() in DSL.java, it's SQL Sever style, I used it in MySQL, it works well, so can I use iff() in My MySQL query?
It's my test code
dslContext.select(EMPLOYEE.EMPLOYEE_ID,
DSL.iif(EMPLOYEE.ALGO.eq(1), EMPLOYEE.FULLNAME, EMPLOYEE.ACCOUNT).as("fullname"))
.from(EMPLOYEE)
.where(EMPLOYEE.EMPLOYEE_ID.eq(100)).fetchOneInto(Employee.class);
jOOQ 3.14 will add native support for MySQL's IF() via #10160. This isn't really a necessary feature, it's mere convenience compared to writing the equivalent CASE expression:
-- MySQL
IF (C, A, B)
-- Standard SQL
CASE WHEN C THEN A ELSE B END
If you prefer IF(), you can always write your own plain SQL template even before jOOQ 3.14
I'm using a MySql database and was trying to find a MySQL alternative to tedious.js (a SQL server parameterised query builder).I'm using Node.js for my backend.
I read that the .raw() command from knex.js is susceptible to sql injection, if not used with bindings.
But are the other commands and knex.js as a whole safe to use to prevent sql injection? Or am I barking up the wrong tree?
Read carefully from knex documentation how to pass values to knex raw (http://knexjs.org/#Raw).
If you are passing values as parameter binding to raw like:
knex.raw('select * from foo where id = ?', [1])
In that case parameters and query string are passed separately to database driver protecting query from SQL injection.
Other query builder methods always uses binding format internally so they are safe too.
To see how certain query is passed to database driver one can do:
knex('foo').where('id', 1).toSQL().toNative()
Which will output SQL string and bindings that are given to driver for running the query (https://runkit.com/embed/2yhqebv6pte6).
Biggest mistake that one can do with knex raw queries is to use javascript template string and interpolate variables directly to SQL string format like:
knex.raw(`select * from foo where id = ${id}`) // NEVER DO THIS
One thing to note is that knex table/identifier names cannot be passed as bindings to driver, so with those one should be extra careful to not read table / column names from user and use them without properly validating them first.
Edit:
By saying that identifier names cannot be passed as bindings I mean that when one is using ?? knex -binding for identifier name, that will be rendered as part of SQL string when passed to the database driver.
Before, I use find_in_set(idField,:ids) in mySQL to delete or update multi field with ids separated by comma, example:
UPDATE USER SET name = 'a' WHERE find_in_set(id,'1,2,3,4') > 0
How do I can customize the query and use it in SyBase ?
NOTE: You haven't mentioned which Sybase database product you're using (ASE? SQLAnywhere? IQ? Advantage?), nor the version. While ASE does not have anything like find_in_set(), I can't speak for the other database products.
From an ASE perspective you have a few options:
create your own user-defined function; you have T-SQL (since ASE 15.0.2) and Java options
build a dynamic query and submit via execute()
rewrite your query to use available ASE functions (eg, patindex(), charindex())
rewrite your query to use the like operator (see alternate to find_in_set() for non-MySQL databases for an example)
As Sybase does not have function like find_in_set, you have couple of options: google a function which parses the comma separated list to a temp table or use dynamic SQL with execute-command.
Is there a mysql equivalent of pg_query_params?
Check mysqli_prepare() or PDOStatement(). Both are a bit different, but still use a prepared statement.
Some days ago I asked a question about my problem and I was advised to use CONCAT_WS function. I am using CONCAT_WS on my local mysql database and it is working perfectly. But it is not working on server(application hosted) and generate the following error.
FUNCTION test.CONCAT_WS does not exist
Here test in error string is my database name on server.
My query is like this:
SELECT * FROM patient WHERE CONCAT_WS (',', LastName,FirstName,BirthDate ) NOT IN ('Abdul,Quddus,2000-09-30','Wasim,Akram,1993-09-12');
Can someone tell me the problem or suggest me another solution asked in linked question above ?
Thanks
The easiest way to fix it is by removing the whitespace between the function name and the parenthesis, i.e. CONCAT_WS(...) instead of CONCAT_WS (...).
From the MySQL Manual:
By default, there must be no
whitespace between a function name and
the parenthesis following it. This
helps the MySQL parser distinguish
between function calls and references
to tables or columns that happen to
have the same name as a function.
...
You can tell the MySQL server to
accept spaces after function names by
starting it with the
--sql-mode=IGNORE_SPACE option.
Also, this behavior depends on the MySQL version, this is why it works on one server and doesn't work on another, quote from the "Function Name Parsing and Resolution" manual page:
The number of function names affected
by IGNORE_SPACE was reduced
significantly in MySQL 5.1.13, from
about 200 to about 30.