I have a website where a user can upload images for a real estate property.
The table structure:
image_id
property_id
userid
filename
thumbfilename
display_order
timestamp
The scenario:
When a user uploads multiple pictures, he / she SHOULD be able to set the primary photo from their uploaded images for the specified property.
The code:
$sql = 'UPDATE property_images SET display_order = display_order + 1 WHERE property_id = "' . $this->_request->getParam('propertyid') . '"';
$images->getAdapter()->fetchAll($sql);
$images->update(array("display_order" => 1), 'image_id = "' . $this->_request->getParam('imageid') . '"');
The issue:
I receive a "general error" when calling $images->getAdapter()->fetchAll(); The SQL is however executed successfully but Zend_DB_Table throws an exception and will not proceed to the next command. Any ideas / suggestions would be appreciated.
1) First, recognize that you need to fix your code so that you're escaping the user input. You are currently very vulnerable to SQL Injection.
2) Why are you passing an UPDATE query to fetchAll()?
3) Look at Zend_Db_Expr
Nevermind,
The solution:
$sql = 'UPDATE property_images SET display_order = display_order + 1 WHERE property_id = "1004" AND display_order < 3;
$images->getAdapter()->query($sql);
$images->update(array("display_order" => 1), 'image_id = "2003"');
This will grab the third image and set it to 1 after setting the images that had display order of 1 and 2 to 2 and three respectively.
Related
I'm new to MySQL and I'm trying to make the following pseudocode work:
SELECT IF(
EXISTS(SELECT * FROM users WHERE `email`="admin" AND `token`="blablabla"),
(UPDATE * FROM sometable WHERE `var`="notimportant"),
"NOT_AUTHORIZED");
What I'm trying to achieve is running code based on the presence of a row, and if it doesn't exists return a message, or something usable. If it does exists, run another SQL command instead, and return those results.
Is this possible?
Your intent is a bit hard to follow from the invalid syntax. But the gist of your question is that you can use a where clause:
UPDATE sometable
SET . . .
WHERE var = 'notimportant' AND
EXISTS (SELECT 1 FROM users WHERE email = 'admin' AND token = 'blablabla');
You can also represent this as a JOIN. Assuming the subquery returns at most one row:
UPDATE sometable t CROSS JOIN
(SELECT 1
FROM users
WHERE email = 'admin' AND token = 'blablabla'
LIMIT 1
) x
SET . . .
WHERE var = 'notimportant' ;
I am trying to follow the following blog and use an UPDATE, IF, INSERT INTO statement seeing that it will no go over my data twice.
Please note it is for php.
The statement that I have is as follows
$query = "UPDATE
" . $this->table_name2 . "
SET
batch = :batch,
created = :created
WHERE
id = :id
IF row_count() = 0
INSERT INTO " . $this->table_name2 . "
SET
id=:id,
batch=:batch,
created=:created";
But my return value always comes back as false, and I do not know where the problem is.
If I try the first half of the statement it updates the information:
$query = "UPDATE
" . $this->table_name2 . "
SET
batch = :batch,
created = :created
WHERE
id = :id
And if I try the second half of the statement it INSERTS the information:
INSERT INTO " . $this->table_name2 . "
SET
id=:id,
batch=:batch,
created=:created";
I do not find any help after allot of searching so far, and I feel that somehow my IF statement may not be correct, but I do not even get info on the IF row_count() = 0 in the docs.
The IF statement is available in stored procedures only.
If id is the primary key (or unique) this should work for you:
INSERT INTO " . $this->table_name2 . "
SET
id = :id,
batch = :batch,
created = :created
ON DUPLICATE KEY UPDATE
batch = :batch,
created = :created
This will execute the INSERT statement only, of the ID does not exits yet. If it already exists, it will execute the UPDATE part.
I have 2 tables
Table1
ID . Name . Position
= = = = = = = = = = = =
10 . Mike . Analyst
20 . Anna . HR
30 . Mark . Accountant
Table2
Deal ID . Status
= = = = = = = = = = = =
10 . . . . . Active
19 . . . . . New
20 . . . . . New
I want to add a new Calculated Column in Table1 with this logic :
If ID found in Table2 then return Position, ELSE return "NONE"
so the output table should be like this
Outout
ID . Name . Position . . . . **NewCol**
= = = = = = = = = = = = = = = = =
10 . Mike . Analyst . . . . . **Analyst**
20 . Anna . HR . . . . . . . . **HR**
30 . Mark . Accountant. . **NONE**
There are two ways to accomplish that.
Query Based Result
If you just want to display the information every time you need it, the simplest, cleanest and efficient way is just to perform a SELECT within the tables. In addition, the data will allways be updated, because the query runs over the actual table state.
So, the query would look like this:
SELECT T1.*, IF(T2.ID IS NULL, 'NONE', T1.Position) As NewPos
FROM Table1 T1 LEFT OUTER JOIN Table2 T2
ON (T1.ID = T2.ID)
This query will show the position if found on Table2 and, if not, it will display NULL value, so it may be useful for your needs.
Database Modification and Data Inserting
The other way, is to alter the Table1 structure to add the column Position. The existence of the column is referred to the table architecture, it is not value dependant, so you can't alter a Table and adding the column based on row values.
So, the first step to do is to alter the table adding the column, something like this:
ALTER TABLE table1 ADD COLUMN Position VARCHAR(50);
The second step is to fill the data. For this, you will have to perform an UPDATE to fill the data you have just created, something like this.
UPDATE Table1 T1 LEFT OUTER JOIN Table2 T2
ON (T1.ID = T2.ID)
SET T1.Position = IF(T2.ID IS NULL, 'NONE', T1.Position);
This query will update the rows which also exists in Table2 referenced by ID and will put its position.
The problem of this way it's that if you perform this and after, you add rows to Table1 and Table2, the information will not be updated and you'll have to do the UPDATE query every certain time, which is database and time cost.
So, if the application is not too big, in this case is better to use just the SELECT query, which involves less cost, performance and database changes.
There are two types of records in my Db such as MS-NW and CS in the same column of table DICIPLINE I want to wrap if its CS (ANY TWO STRING LIKE CS,TE OR THE LIKE) then wrap it to BS(CS) (OR BS(TE) ETC) or if its MS-NW (Or MS-CS, MS-TE and the like) then wrap it to MS(NW) from the column dicipline.
I updated for two strings successfully and following is the query for that kindly let me know how can i do it for values like MS-NW OR MS-CS and convert it to the format like MS(NW) from following query .
UPDATE DEG set DICIPLINE = concat("BS(",DICIPLINE,")") where CHAR_LENGTH(DICIPLINE) = 2
The below query helps you to update your data.
update deg set DISIPLINE = if(length(DISIPLINE)= 2,concat('BC(',DISIPLINE,')')
,concat('MS(',substr(DISIPLINE, 4,4),')'));
See Sqlfiddle demo.
For safety, create a temporary column of same type and perform an update like this:
UPDATE deg
SET dicipline_temp = CASE
WHEN CHAR_LENGTH(dicipline) = 2
THEN CONCAT('BS(', dicipline, ')')
WHEN CHAR_LENGTH(dicipline) = 5 AND SUBSTRING(dicipline, 3, 1) = '-'
THEN CONCAT(REPLACE(dicipline, '-', '('), ')')
END
WHERE CHAR_LENGTH(dicipline) = 2 OR (CHAR_LENGTH(dicipline) = 5 AND SUBSTRING(dicipline, 3, 1) = '-')
If results are acceptable, update the actual column.
I have this mysql query:
SELECT
freeAnswers.*,
(SELECT `districtCode`
FROM `geodatas`
WHERE `zipCode` = clients.zipCode
GROUP BY `zipCode`
LIMIT 0, 1) as districtCode,
clients.zipCode,
clients.gender,
clients.startAge,
clients.endAge,
clients.mail,
clients.facebook,
surveys.customerId,
surveys.activityId,
surveys.name as surveyName,
customers.companyName,
activities.name as activityName
FROM freeAnswers,
clients,
surveys,
customers,
activities
WHERE freeAnswers.surveyId = surveys.id
AND surveys.customerId = customers.id
AND activities.id = surveys.activityId
AND clients.id = freeAnswers.clientId
AND customers.id = 1
ORDER BY activityName asc
LIMIT 0, 10
the query is correct on my mysql server but when I try to use it in Zend Framework 1.11 model
I get this error: Mysqli prepare error: Operand should contain 1 column(s)
Please, could anyone help me to make it run well?
Best Regards,
Elaidon
Here is some code that should work. Zend_Db_Select doesn't really provide a way to select from multiple tables in the FROM clause without using a JOIN so this feels a bit hackish to me in regards to one small part of the query. Your best bet will probably be to rewrite the query using JOINs where appropriate.
$subselect = $db->select()
->from('geodatas', 'districtCode')
->where('zipCode = clients.zipCode')
->group('zipCode')
->limit(1, 0);
$from = $db->quoteIdentifier('freeAnswers') . ', ' .
$db->quoteIdentifier('clients') . ', ' .
$db->quoteIdentifier('surveys') . ', ' .
$db->quoteIdentifier('customers') . ', ' .
$db->quoteIdentifier('activities');
$select = $db->select()
->from(array('activities' => new Zend_Db_Expr($from)),
array('freeanswers.*',
'districtCode' =>
new Zend_Db_Expr('(' . $subselect . ')'),
'clients.zipCode', 'clients.gender', 'clients.startAge',
'clients.endAge', 'clients.mail', 'clients.facebook',
'clients.customerId', 'clients.activityId',
'surveyName' => 'surveys.name', 'customers.companyName',
'activityName' => 'activities.name'))
->where('freeAnswers.surveyId = surveys.id')
->where('surveys.customerId = customers.id')
->where('activities.id = surveys.activityId')
->where('clients.id = freeAnswers.clientId')
->where('customers.id = ?', 1)
->order('activityName ASC')
->limit(10, 0);
The only reason I say it is hackish is because of the line:
->from(array('activities' => new Zend_Db_Expr($from)),
Since from() really only works with one table, I create a Zend_Db_Expr and specify the correlation as the last table name in the expression. If you don't pass a Zend_Db_Expr, it will either quote your comma separated table name incorrectly, or if you pass an array of table names, it just uses the first. When you pass a Zend_Db_Expr with no name, it defaults to use AS t which also doesn't work in your case. That is why I put it as is.
That returns the exact SQL you provided except for the last thing mentioned. Here is actually what it returns:
SELECT
`freeanswers`.*,
(SELECT `geodatas`.`districtCode`
FROM `geodatas`
WHERE (zipCode = clients.zipCode)
GROUP BY `zipCode`
LIMIT 1) AS `districtCode`,
`clients`.`zipCode`,
`clients`.`gender`,
`clients`.`startAge`,
`clients`.`endAge`,
`clients`.`mail`,
`clients`.`facebook`,
`clients`.`customerId`,
`clients`.`activityId`,
`surveys`.`name` AS `surveyName`,
`customers`.`companyName`,
`activities`.`name` AS `activityName`
FROM `freeAnswers`,
`clients`,
`surveys`,
`customers`,
`activities` AS `activities`
WHERE (freeAnswers.surveyId = surveys.id)
AND (surveys.customerId = customers.id)
AND (activities.id = surveys.activityId)
AND (clients.id = freeAnswers.clientId)
AND (customers.id = 1)
ORDER BY `activityName` ASC
LIMIT 10
So that will work but eventually you will want to rewrite it using JOIN instead of specifying most of the WHERE clauses.
When dealing with subqueries and Zend_Db_Select, I find it easy to write each subquery as their own queries before writing the final query, and just insert the subqueries where they need to go and Zend_Db handles the rest.
Hope that helps.