Using EXCEPT operator on MySql 5.1 version - mysql

I have 5.1 MySQL version on my server. I am trying to perform this query:
SELECT File_Name
FROM Words_DB
WHERE Word_Name=" . $element . "
EXCEPT
SELECT File_Name
FROM Files_DB
WHERE Display=0
I am getting an error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'EXCEPT SELECT File_Name FROM Files_DB WHERE Display=0' at line 4
Can someone tell me how can i perform this query in an alternative form?
Thank you, Max.

As far as I know MySQL does not support theEXCEPToperator. Try this instead:
SELECT File_Name
FROM Words_DB
WHERE Word_Name=" . $element . "
AND File_Name NOT IN (
SELECT File_Name
FROM Files_DB
WHERE Display=0
)
You could also use either a correlatedNOT EXISTSor aLEFT JOIN. As I don't use MySQL much I can't say which performs best.

I think you can find better answers on the following site:
http://www.tutorialspoint.com/sql/sql-except-clause.htm
It says you can use except query. But you can also use answer provided by JPW above that instead of using except you can use NOT IN key word which works in the same way.

Related

Getting an error after using PHP & MySQL code

I get the usual errors ( already tried to read previous questions ) Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','',now(),'','This is great! ','', 'published')' at line 1
Thank you for helping!!
Here is my code:
My Code
The page in question is here:enter link description here
Thanks you very much for helping
The problem was on the line 20--> $query .= "VALUES({$post_category_id}. It need to be quotes around '{$post_category_id}'.
I don't know exactly why. the category id is a number , so for that shouldn't be around quotes because is a number.That's how our teacher explained to as.Thanks for your help.
The $connection variable isn't defined anywhere...
I just populated your page with some example data and that was the query I got:
INSERT INTO posts(post_category_id, post_title, post_author,post_date,post_image,post_content,post_tags,post_status) VALUES(,'','',now(),'',' Test','', 'Test')
The problem is near the VALUES keyword: VALUES (, is wrong. You should check first if every input value is populated correctly, eg if $post_category_id is defined with a valid value.

How to search in multiple columns on same table? (fat free framework)

I need to search same query on multiple columns using fatfree.
This works correctly on one column:
$f3->set('list', $users->find(array('name LIKE ?','%'.$queries.'%')));
However, if I try:
$f3->set('list', $users->find(array('name, email LIKE ?','%'.$queries.'%')));
I get error:
PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' email LIKE '%invent%'' at line 1
How can I do this?
Regards.
It should be:
$f3->set('list', $users->find(array(
'name LIKE ? OR email LIKE ?',
'%'.$queries.'%',
'%'.$queries.'%'
)));
NB: PDO doesn't allow to use a same placeholder twice so you have to give twice the same argument ('%'.$queries.'%').

MySQL v.4.0.27 UPDATE + SELECT

UPDATE product
INNER JOIN erpproduct on erpproduct.ProductId = product.ProductId
SET
product.ProductTypeId = (SELECT productTypeId FROM productType WHERE producttype.producttypeName = 'MyProductTypeName' LIMIT 1 ),
WHERE erpproduct.ErpProductId = 123123123;
i got an error : "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Select producttype ..."
MySQL version is 4.0.27, it seems that MySQL doesn't allow Select to specify a SET value. Without SELECT everything goes just fine. Is this the case or am I doing something wrong in the statement ?
This extremly old version of MySQL doesn't support subselects. You need MySQL v4.1 as a minimum.
I quote from the relevant part of the manual of those old versions:
With MySQL versions prior to 4.1, it was necessary to work around or
avoid the use of subqueries. In many cases, subqueries can
successfully be rewritten using joins and other methods. See Section
12.2.8.11, “Rewriting Subqueries as Joins for Earlier MySQL Versions”.

Hibernate SQL Injection

I'm auditing a project and I found a way to inject data in a query.
The project uses Hibernate and for this piece of code Session.createSqlQuery() and then a .list()
The SQL is something like : "SELECT * FROM tablename ORDER BY column XXXXXX"
XXXXXX can be modified using Fiddler. So I tried
SELECT * FROM tablename ORDER BY column DESC; truncate table tablename;
Unfortunately (well only for my injection attempt) it's not working and I'm getting :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'truncate table tablename'
My question is, since they're using createSQLQuery, are they safe from injection. If they're not, could you give me an example to highlight the issue.
I tried using %08 (Backspace character) thinking I would be able to delete previous query characters for example (It didn't work ;) )
Thanks.
After some research it seems I won't be able to modify data with this security hole, however using ORDER BY (CASE WHEN ...) would allow to "scan" the tables and the data.
Is the column name specified using a parameterized statement or are you just concatenating text?
ex: in perl::DBI, the drivers support the following syntax:
$dbh->do("SELECt * FROM asdf ORDER BY ?", undef, $order_by);
The ? there is a form of parameterized statement which sanitizes the input automatically.

C# MySql Syntax Exception when querying against an IP addres

I'm querying against an IP address stored in a table of a database with the following:
"SELECT user_id, is_login FROM users WHERE last_ip_address = '" + this.GetIPAddress() + "'"
I know that the IP is in the table because I see it there. I'm literally staring at it, but this query returns no rows.
When I run it without the single tick quotes ('), I get a syntax error:
"SELECT user_id, is_login FROM users WHERE last_ip_address = " + this.GetIPAddress()
So where is this going wrong? The IP returned by the function is the standard format ###.###.###.### IP address, and the syntax error itself is this:
{"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.##.#' at line 1"}
Edit: Some more info, the field itself is a varchar(30) type, and it says Collation = latin1_swedish_ci, but I don't even know what that is.
Thanks
Try using a LIKE then:
"SELECT user_id, is_login FROM users WHERE last_ip_address LIKE '%" + this.GetIPAddress() + "%'"
Edit: I would try to change that collation to UTF8.
Okay I am sorry for the confusion. I am very new to using MySql with C# and very VERY new (like I mean I just started today) with MySqlConnector.
To make a long answer short, I was trying to treat the table like, well, a table, and just read from it like a two dimensional array, when what I needed to be doing was using the MySqlDataReader. I found a good answer here:
How to read columns and rows with C#?
Thanks all for your help and advice.