Does MySQL allows to create database which has dot (.) in its name?
I'm using MySQL 5.1.22.
You can't use the dot in a database name. Also, I'd avoid using it in any identifier. A common convention is to use underscore instead. It will serve the same purpose and will avoid a LOT of confusion. If you do have a good reason for using strange and otherwise-illegal characters in a table or field name, then you have to escape it.
to escape identifiers in MySQL, use the backtick:
SELECT `select`, `some.field name`, `crazy()naming+here`
FROM `my-=+table`
Getting into the habit of backticking all field names regardless of whether you need to is a good practice in my opinion, but that's another story.
You can use . in names from MySQL 5.1.6 according to the documentation.
However, as has been said and will said again, please don't do it. For every problem you think you're solving now you'll be creating five which will bite you later on. Since . is used to qualify names - e.g. database.table or table.column you'll have to quote your database name every time you use it.*
You can do this with backticks:
CREATE TABLE `do.not.do.this` (col INT);
or using double quotes if you set the following option:
SET sql_mode='ANSI_QUOTES';
CREATE TABLE "asking.for.problems" (col INT);
* Not strictly true - you have to quote any character that's not alphanumeric or _ or $ , but . is a particularly troublesome option to have in your names.
Before MySQL 5.1.6, database and table names cannot contain /, \, ., or characters that are not allowed in file names (see 8.2. Schema Object Names).
In versions after 5.1.6 you have to quote your tablename with a backtick (`) - but as others also advised: you shouldn't do this to prevent any unnecessary trouble.
MySQL 5.0.22 doesn't appear to allow it:
% mysqladmin -uroot -pXXX create foo.bar
mysqladmin: CREATE DATABASE failed; error: 'Incorrect database name 'foo.bar''
Even it if it did allow it, I would strongly recommend against it.
At the very least you'd have to escape any reference to that database with backticks in every single query that ever uses it.
Related
I am trying to create a database but I can not figure out how to escape the - sign in the database name.
mysql> create database happy-face;
gives me an error
mysql> create database happyface;
works without problems
How can I escape the - sign in the name of the database ?
You could quote the name with backticks
mysql> create database `happy-face`;
but you might want to avoid names that require backticks since it makes your life a little more complicated.
I have used backticks (`) in some SELECT queries to escape fields such as 'first-name'. This will work on MySQL. These queries are run through a DBO class in a php application and I would like the application to be able to use other database servers, such as MSSQL and Posgres.
What is the best approach for allowing problematic field names to be used across all of these database servers? I was thinking of taking the fields as an array and quoting them with the escaping character that is appropriate to each.
[EDIT]
To clarify: I am building a tool that will be used to map configurations stored within the php application to the fields of an external database. I wanted to escape these as a precaution because I have no idea what field names will actually be mapped to and used within the queries.
The solution is very simple: do not use reserved words as identifiers. It makes the code more difficult to read anyways.
If you really need to use such words (as in "there is some obscure reason beyond your control"), you can just prefix all your identifiers by an arbitrary character, such as _ for example.
The cross-DBMS mechanism (as defined in SQL-92 and other standards) is using double-quoted delimited identifiers. According to this reference it's widely supported.
It's worth nothing that MySQL allows to enable/disable this syntax so you still need to ensure that session settings are correct before issuing any query.
MySQL uses backticks (`) by default, but can be configured to support proper ANSI quoting.
IMO: If you're connecting to MySQL, set it to ANSI mode, and while you're at it enable every STRICT option it has. It becomes much easier to write code that's portable against it then.
Of course, the best option has to be not using reserved words, but the list of reserved words can change over time so rigorous quoting isn't such a bad idea.
The proper way of escaping is not to use field names that need escaping.
If you still have to use escaping - use ". It is the standard one (defined by ANSI SQL).
Postgres and Oracle understand " escaping. But i do not know about MSSQL an MySQL.
I would like to use reserved words such as "user" or "right" as table or column names in my databases. Until now I've been using back quotes, but I read somewhere that they are MySQL specific, and I would like to preserve database compatibility. I've also read about using ANSI mode with MySQL to avoid using back quotes, but I want everything in my apps to be UTF-8.
What can I do to use reserved words without using back quotes or losing cross database compatibility ?
MySQL supports the ANSI standard of using double quotes surrounding identifiers such as table and column names. You have to enable this option since by default MySQL recognizes both single and double quotes as enclosing string literals:
http://dev.mysql.com/doc/refman/5.1/en/server-sql-mode.html#sqlmode_ansi_quotes
I thought there would be another question about this but I was unable to find one. In MySQL with PHP I usually encapsulate my field names with backticks to mask any reserved names or characters. However, one of my colleagues has pointed out that this can also be achieved using square brackets. Excluding the fact that the backticks are not compatible with SQL server (apparently), what is the difference? Which should I use?
SELECT `username` FROM `users`
SELECT [username] FROM [users]
SQL Server/T-SQL uses square brackets (as well as MS Access), while MySQL uses backticks.
As far as I know, can turn up in documentation, or use in testing, square brackets are not valid for MySQL. So if you need to enclose a keyword as a table name in SQL Server, use [], and in MySQL use backticks, or double-quotes when ANSI_QUOTES is enabled.
From the documentation:
The identifier quote character is the backtick (“`”):
mysql> SELECT * FROM `select` WHERE `select`.id > 100;
If the ANSI_QUOTES SQL mode is enabled, it is also permissible to quote identifiers within double quotation marks:
mysql> CREATE TABLE "test" (col INT);
ERROR 1064: You have an error in your SQL syntax...
mysql> SET sql_mode='ANSI_QUOTES';
mysql> CREATE TABLE "test" (col INT);
Query OK, 0 rows affected (0.00 sec)
Both are non-standard ways to quote object names that should either be case-sensitive, are a reserved word or contain special characters that are not allowed otherwise.
The standard quoting character for such an identifier is a double quote. To be ANSI SQL compatible, you should use them:
SELECT "username" FROM "users"
But note that quoted identifiers are case-sensitive as per ANSI SQL. However both mentioned products do not obey to this requirement. Whether such an identifier is case-sensitive or not depends on a several (different) configuration settings in MySQL and the database collation in MS SQL Server.
Both DBMS can (and in my opinion should) be configured to accept the ANSI standard quote characters as well.
I would strongly recommend to avoid any object name that requires quoting. Using identifiers that do not require quoting will save you a lot of trouble in the long run.
I am trying to update a field using
UPDATE table set field='some_variable' where id=1;
The problem here is that the some_variable comtains data with multiple special characters in it. so I am not able to use 'some_variable' or "some_variable" as it breaks and fails when it encounters the first same character(' or "). How can I overcome this?
Thanks.
Mike
There are two solutions, the first is to use mysql_real_escape_string() the second is to use prepared statements. You have not mentioned what your programming language is but it's sure to support either prepared statements or real escape.
In addition to real escape, if your field is a char or varchar you should modify your query as follows:
UPDATE table set field='some_variable' where id=1;
Generally, you just need to escape the reserved characters -- see MySQL docs for specific reference. If you are directly executing the query (ie: in mysql shell), you'll have to escape manually. Most languages will supply a function to escape for you -- in PHP, for example, it's mysql_real_escape_string().