I have Delphi application with mydac stored procedure component which takes an utf8 encoded xml file's content as string parameter.
It works with navicat and other db managment programs when I put this xml content copy-paste from file to procedure like
CALL sp_saveit('<xml>garry's<otherdata> data data....</xml>);
But when I try to call it from delphi it throws error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CALL sp_saveit('<?xml version=\"1.0\" encoding="UTF-8"?><Main><Detail z') at line 1
Am following those steps:
delphi finds and reads file contents into a TStringStream with LoadfromFile MyStream.LoadFromFile(Sp_xmlfile);
then am passing contents to stored procedure T_ContentsSP.ParamByName('XmlFile').AsWideString := MyStream.DataString;
Also I've tried to compress this data with delphi's zlib and send as blob, I've tried to change ' with ' but result was same.
How can I send a long string with single and double quotes inside as parameter for sp with delphi?
p.s : sorry for my english.
From your post, I see that you tried to use a constant value (I put this xml content copy-paste) and a parameter (T_ContentsSP.ParamByName('XmlFile')). Also, try to show error text for the command you are used, and not for a different command.
When you are using parameters you does not need to do any special preparation. Data access components have transparently send parameter values to a DBMS. If they have tracing output, then check the trace, what library is sending to a DBMS. Parameter usage is always prefered agains literal usage !
When you are using a constant, then you should (more):
double each single quote inside of the constant and prepend it by '\'. So, a ' will become \''.
double quotes rather not need a special handling.
probably disable macros handling, because '&' may be a macro specifier in the data access library.
Related
I have a requirement to produce test data files using the same formatting as the source files they are supposed to mimic (row delimiter, column delimiter, encoding, etc..). There is a process that reads files from an MS SQL database and creating files as output.
I have made a dataset with parameters that can supply the definition of the dataset at runtime. The problem I have is the following error is raised on execution:
Copy activity doesn't support multi-char or none row delimiter.
The parameter that is causing the error is the row delimiter. I have tried:
\r\n
\r
\n
n
r
r,n
\r,\n
I read this Custom Row Delimiter in Azure Data Factory (ADF) where someone says they have been able to make a likewise solution work.
I can output a file using either r or n but there is no separation of data over lines. I also read in another post that this is not supported but that is hard to believe because you can use the default option to create this particular row delimiter behavior.
As per official documentation Currently, row delimiter as empty string is only supported for mapping data flow but not Copy activity.
So, passing "\r\n" as a parameter will pass "\\r\\n" for some reason.
And you can circumvent the error by editing the source code.
There was a similar question here: here
It's not the solution you're looking for, but at least it tells you how to get around the error and why you've got the error.
I am receiving data into an REST API, and I want to insert it as XML code into a database. When I later read the record from the database, I expect well-formed XML code.
data=str(request.data)
cur=mydb.cursor()
currentDT = datetime.datetime.now()
val=data.replace("'","''")
cur.execute("insert into MyXMLApi(dateofInsertion,xmlData) values('%s','%s')"%(str(currentDT),val))
mydb.commit()
This is what I expect to see in the database:
"<note>
Don't forget me this weekend!
</note>"
However, this is what I actually get:
'b"<note>
Don''t forget me this weekend!
</note>"'
So I have three issues here.
I have to deal with single quotes in the XML code.
It should be stored as proper XML code.
When I read from the database, I can't get the right code.
request.data is a bytestring in Flask. (See property data and get_data() in the docs.) But you want to save it as non-byte, just plain string to your database. Converting with str() is not the way to do it.
Assuming you want a UTF-8 string, replace your first line with
data=request.data.decode('UTF-8')
Then you will be able to save it to your database.
About the single quotes, I don't think you should escape them yourself. Use parameter binding, and the library will do it for you.
(By the way, this sounds like a very strange use-case. Why not store data in your table as field note?)
So i wanted to save some tags data to the database from the UI form,
Tags: ["male","female","kids"]
I tried everything like but it saves as a string, ialso tried checking if i can alter the data type to array in mysql, or json but i got this
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'JSON(255) NOT NULL' at line 1
I also tried json_encode and json_decode() but still no head so please what can i do?
There isn't any data type as JSON or Array in DB.
What you can do is use the tags field as TEXT as told by #Rick James and then encode your input as json by using json_encode() method before inserting and decode it after retrieving the data from DB by using json_decode() method.
JSON is basically a minimal, readable format for structuring data. Which means it can be considered as a String.
Here is a good post about JSON, in case you need.
What is JSON?
There is no datatype called JSON. Instead use TEXT without the (255).
I am trying to import table from Oracle db to sql server 2008 through SSIS. I am getting upside down special character in one columns. Please let me know if we could handle with variable or data conversion tool.
Within the derived column transformation you can utilize the Replace Function in an expression to remove this character with a "" (0 value blank). You may need to use a text editor like notepad ++ with the "Show All Characters" option turned on to see the offending character so that you can place this in your SSIS expression.
I am working with the node driver for MySQL by felixge. Following the documentation
https://github.com/felixge/node-mysql#escaping-query-values
strings should be escaped before passed into the MySQL to avoid injection attacs.
My question is: should data be "unescaped" in some way after loaded from MySQL?
Currently, I have a problem with data integrity: I start with a string containing newlines. (printing with console.log(string) shows newlines in the console). After escaping the string, it is saved into a MySQL database. However, after the string is loaded back into memory, a console.log(string) shows escape codes \n instead of newlines.
before passed into the MySQL to avoid injection attacks.
This statement is wrong.
First, strings should be escaped because of syntax rules, not whatever injections.
Second, I hope they have some recipe for the non-strings too.
Should escaped strings be “unescaped” (MySQL)
No.
Escaping is for the query, not database.
shows escape codes \n instead of newlines.
you are escaping your strings twice then