Confused with selecting data from db in mysql [duplicate] - mysql

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I have 2 tables: PLAYER and GROUP.
When I call:
SELECT * FROM PLAYER
Everything is OK but when I call:
SELECT * FROM GROUP
There is error:
#1064 - You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'GROUP' at line 1
I don't understand why there is such error.

GROUP is a reserved word and it must be escaped with back ticks.
SELECT * FROM `GROUP`
It's also better practice to avoid using table names or columns that are reserved words. Also, specify a column list rather than using *.

GROUP is a reserved keyword. You have to escape it, like so:
SELECT * FROM `GROUP`
Things to note:
It is highly recommended not to name the table group, it is better to use the plural Groups.
Also, try to avoid *.

Just as you use the reserved keywords SELECT and FROM for constructing your query, there are other reserved keywords like the ones in the following list that you may want to avoid when naming all your tables, views, constraints and columns.
List of (some) reserved keywords: WHERE, ORDER, GROUP, UPDATE, DELETE, CHECK, CHANGE, LIKE etc...
Therefore, in your case the DB Engine is complaining because a query
needs 1 mandatory clause SELECT and optional clauses FROM, WHERE,
ORDER BY, GROUP BY, HAVING, LIMIT etc... read more here
We might be tempted to use these keywords, especially if they've been modeled in our problem domain (or in the diagrams). For example, a client placing an order yields 2 Entities, CLIENT and ORDER, or a mechanic performing a check gives MECHANIC and CHECK, or even a FACEBOOK_USER expressing a LIKE. In your case there might be a GROUP of PEOPLE, for example.
As a general rule, you can transform your entities like so to avoid problems:
a) The Entity is always modeled (on paper) as singular, as it represents a concept/asset/person in the real world or problem domain, e.g. ORDER, LIKE, CHECK, STUDENT, CAR.
b) The corresponding DB Table it is transformed into is always named using the plural. The logic is that the table will contain lots of instances of that Entity. Therefore: ORDERS, LIKES, CHECKS, STUDENTS, CARS.
In the end, you decide because you really can use GROUP if you really
want or need to make your table name like a reserved word. Just
remember to give them a special treatment by putting them in quotes
using the backtick (“`”) when querying. At the moment of creation the DB engine
won't complain, trusting that you know what you're doing.
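The quoting rule from the answers above, as an added example that is not part of the original posts: it shows the unquoted reserved word being rejected, the backtick-quoted form working, and how to quote an identifier that is only known at run time so that an embedded backtick cannot end the quoting early. Assumptions: SQLite (via Python's sqlite3) stands in for MySQL because it accepts the same backtick quoting and also reserves GROUP, the error text differs from MySQL's #1064, and `quote_ident` and the table names are hypothetical.

```python
import sqlite3

def quote_ident(name: str) -> str:
    """Hypothetical helper: backtick-quote one identifier, MySQL style.

    A backtick inside the name is doubled, so the value can never close the
    quoting early and spill into the rest of the statement.
    """
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing identifier")
    return "`" + name.replace("`", "``") + "`"

def try_select(db, table_sql: str):
    """Return the rows, or the engine's error text if the statement is rejected."""
    try:
        return db.execute(f"SELECT id, name FROM {table_sql}").fetchall()
    except sqlite3.OperationalError as exc:
        return str(exc)

def demo():
    db = sqlite3.connect(":memory:")
    # Constructed tables: one named after a reserved word, one with a backtick in it.
    for table in ("GROUP", "odd`name"):
        db.execute(f"CREATE TABLE {quote_ident(table)} (id INTEGER, name TEXT)")
        db.execute(f"INSERT INTO {quote_ident(table)} VALUES (1, 'row')")
    stored = sorted(
        r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    )
    return {
        "unquoted": try_select(db, "GROUP"),               # rejected: reserved word
        "quoted": try_select(db, quote_ident("GROUP")),    # accepted
        "odd": try_select(db, quote_ident("odd`name")),    # still a single identifier
        "stored": stored,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Quoting only makes a name syntactically safe; values still belong in bind parameters, not in the SQL text.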

Related

Search for specific keyword in MYSQL

I'm almost new to mysql.
I wanted to write a query to search for specific keywords in a column where keywords are separated by commas. But when I use the following code, it only returns the rows where I only have that specific keyword, not in combination with any other keywords.
In Table q16, I'm looking for a way to select rows that have my keyword in the "Area_of_concern" column, no matter if it's combined with other keywords or not:
SELECT *
FROM `q16`
WHERE area_of_concern like '%more education is needed%'
Here's an input example:
q16_id area of concern
1 more education is needed
2 more enforcement, change in strategy
3 change in strategy
4 more education is needed, change in strategy
5 transportation issue, more enforcement, more education is needed
I'm looking to get the rows with the keyword "more education is needed", so I should see rows 1, 4 and 5 in the output.
I think you should create a table where you have one column for keywords and one column for where those keywords are used: a foreign key for the q16 table in your case.
It will work much faster that way.
As for your question it is a duplicate of this one here, I believe.
How to search for rows containing a substring?
A quick try: try using double quotes instead of single ones, as in some systems, single quotes don't allow for escapes (special characters) inside them.

How to query a column named "OR" in BigQuery?

We unfortunately have a table with a column that has been written with the field name of "OR".
If we try to query this table - "SELECT OR FROM etc." we get an error because OR is a reserved word.
How do we query that column using BigQuery's legacy SQL queries? (We need that column and not others.)
We thought we could use "SELECT *" and BigQuery's "exclude" feature, but it isn't part of legacy SQL, so we are unable to use it. Other ideas?
I ran into this issue when querying the Hacker News dataset. It appears the authors added a "by" column because they were replicating the API response keys. However, it's difficult to query and not best practice in database design.
I tried the brackets:
SELECT
[by] as author_name
FROM
`bigquery-public-data.hacker_news.full`
LIMIT
1000
but received the following error:
Syntax error: Unexpected keyword BY at [2:4]
Here is a query that works on the Hacker News dataset in BigQuery with Standard SQL Dialect:
SELECT
b.by as author_name
FROM
`bigquery-public-data.hacker_news.full` as b
LIMIT
1000
I know that you're looking for an answer using legacy SQL (and you found one using the bracket syntax), but for future readers, or, and, etc. are valid column names for query results in standard SQL. The following query will not return an error, for instance:
WITH T AS (
SELECT
1 AS `or`,
2 AS `and`
)
SELECT * FROM T;
We found another SO answer for this - except you need to do something additional to what they describe. You cannot just add brackets to the name - you also need to give it a new column name.
The answer is to query like this:
SELECT [OR] AS new_column_name FROM ...

Why does my SQL statement show unknown column in WHERE clause

I do not understand why I get an error saying "Unknown column 'cyclist.ISO_id' in 'where clause'"
SELECT name, gender, height, weight FROM Cyclist LEFT JOIN Country ON Cyclist.ISO_id = Country.ISO_id WHERE cyclist.ISO_id = 'gbr%';
It looks like your table name is Cyclist, not cyclist - capital C. In your WHERE clause you're therefore referencing the column of a table which does not exist.
This is mostly relevant to the OS. Naming conventions are case sensitive on Unix, whereas they are not on Windows. You can change the value of the lower_case_table_names system variable to 0/2 depending on the OS. The detailed explanation is available at http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html
From the docs (with my emphasis):
Although database, table, and trigger names are not case sensitive on
some platforms, you should not refer to one of these using different
cases within the same statement. The following statement would not
work because it refers to a table both as my_table and as MY_TABLE:
mysql> SELECT * FROM my_table WHERE MY_TABLE.col=1;
Column, index, stored routine, and event names are not case sensitive
on any platform, nor are column aliases.
So use either cyclist or Cyclist but consistently.

What is the use of order by in sql injection

I am learning SQL injection and I can't quite seem to understand the order by statement.
The definition here in w3schools is that this sorts the given table in ascending or descending order. What happens when I use an integer?
For example.
Order by 1
http://www.w3schools.com/sql/trysql.asp?filename=trysql_select_orderby
When I use order by 1 in this example, I get Customer ID arranged from 1 to 91.
When I use order by 2 in this example, I get Customer ID arranged in a zig-zag manner.
What is the reason for this behaviour? And how is order by used in sql injection to obtain the number of columns?
It may be useful as part of a blind SQL injection attack. You keep increasing the number (which indicates which column in the SELECT clause should be used to determine the sort order) until the server suddenly reports an error. You now know the number of columns in the SELECT clause of the query (it's one less than the number you just tried)
The order by 1 means sort by values of the first column from the result set.
The order by 2 means sort by values of the second column from the result set.
The order by clause in SQL has no direct relation to SQL injection AFAIK.
You asked two questions
Answer 1: Order By is used to order the result to the given SQL Query according to the Column Number given in SQL query.
For Example: Order by 1 means order the result based on the first column in ascending order by default.
Answer 2: We use Order By for SQL Injection to check whether a given website is prone to SQL injection or not.
For Example
If I write order by 1 in my SQL injection payload then it will give me some result.
On the other hand, if I write order by 100000 then it most probably will give an error, because it is very unlikely that my Table has that many columns. So Order by is used to check whether a website is vulnerable to SQL Injection or not. And the error confirms that the database was trying to understand my SQL Query but couldn't do it.
Its second use is to find the number of columns in the Table which we are exploiting. If you want more information on this then feel free to reply to me in the comments.
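The behaviour discussed in this thread, together with the usual application-side defence, as an added example that is not part of the original posts: an integer after ORDER BY is a position in the SELECT list (which is why sorting by column 2 makes the IDs look shuffled), a position beyond the list is an engine error, and because a bind parameter cannot stand in for a sort column, a user-chosen sort key is mapped through an allow-list. Assumptions: SQLite via Python's sqlite3, and the `customers` table, its rows, the `SORTABLE` map and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: three columns, so valid ordinals are 1..3.
ROWS = [(1, "Maria", "Berlin"), (2, "Ana", "Mexico"), (3, "Thomas", "London")]

# Allow-list: public sort key -> fixed column name. Request input only selects
# an entry here; it is never concatenated into the SQL text.
SORTABLE = {"id": "customer_id", "name": "customer_name", "city": "city"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (customer_id INTEGER, customer_name TEXT, city TEXT)"
    )
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db

def ids_ordered_by_ordinal(db, n):
    """ORDER BY <integer> sorts by the n-th column of the SELECT list."""
    sql = f"SELECT customer_id, customer_name, city FROM customers ORDER BY {int(n)}"
    return [row[0] for row in db.execute(sql)]

def ordinal_is_valid(db, n):
    """An ordinal beyond the SELECT list is rejected by the engine."""
    try:
        ids_ordered_by_ordinal(db, n)
        return True
    except sqlite3.OperationalError:
        return False

def list_customers(db, sort_key="id", descending=False):
    """Hardened handler: sort_key must be an allow-listed name, never raw SQL."""
    column = SORTABLE.get(sort_key)
    if column is None:
        raise ValueError(f"unsupported sort key: {sort_key!r}")
    direction = "DESC" if descending else "ASC"
    return db.execute(
        "SELECT customer_id, customer_name, city FROM customers "
        f"ORDER BY {column} {direction}"
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(ids_ordered_by_ordinal(db, 1), ids_ordered_by_ordinal(db, 2))
    print(ordinal_is_valid(db, 3), ordinal_is_valid(db, 4))
    print(list_customers(db, "name"))
```

With the allow-list in place, a request asking to sort by `4` or by any other unexpected string fails in the application with `ValueError` and never reaches the database.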

Selecting a column that is also a keyword in MySQL

For some reason, the developers at a new company I'm working for decided to name their columns "ignore" and "exists". Now when I run MySQL queries with those words in the where clause, I get a syntax error; however, I can't seem to figure out how to reference those columns without running into an error. I tried setting them as strings, but that doesn't make any sense.
Help?
Also, is there a term for this kind of mismatch?
put the names in backticks:
`ignore`, `exists`
If you're working across multiple tables or databases you need to escape the database name, table name, and field name separately (if each matches a keyword):
SELECT * FROM `db1`.`table1`
LEFT JOIN `db2`.`table2` on `db1`.`table1`.`field1`=`db2`.`table2`.`field2`
Only the portions that actually match a keyword have to be escaped, so things like:
select * from `db1`.table
are ok too.
The official term is "idiocy" :-) You can put backticks around the names such as
`ignore`
but I would give serious consideration to changing the names if possible. Backticks are not standard SQL, and I prefer my column names to be a little more expressive. For example, ignoreThisUser or orderExists (the general rule I try to follow is to have a noun and a verb in there somewhere).
Interestingly, some DBMS' can figure out not to treat it as a reserved word based on context. For example, DB2/z allows the rather hideous:
> CREATE TABLE SELECT ( SELECT VARCHAR(10) );
> INSERT INTO SELECT VALUES ('HELLO');
> SELECT SELECT FROM SELECT;
SELECT
---------+---------+---------+--------
HELLO
DSNE610I NUMBER OF ROWS DISPLAYED IS 1