Regexp :: find in files mysql queries which hasn't mysql_real_escape_string - regex

ex:
$sql = "INSERT INTO ".$table_name." SET firstname = '".$firstname."', lastname = '".$lastname."', created_on = now()";
With that I found all queries.
My problem is that I need the queries which don't have mysql_real_escape_string.
Any idea?
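One way to do what the grep above cannot: judge each PHP statement as a whole and report only those that splice a variable into SQL text without a mysql_real_escape_string call in the same statement. This is an added example, not code from the question; the patterns are heuristics (a ';' inside a string literal would split a statement early), and SAMPLE_PHP is a constructed input.

```python
import re
from pathlib import Path

# Heuristic patterns, mirroring what the grep in the question looks for:
#  - a string literal that opens with an SQL verb,
#  - a PHP variable spliced into it (concatenation or "$var" interpolation),
#  - the escaping call we want to see somewhere in the same statement.
SQL_START = re.compile(r'''["']\s*(?:INSERT|SELECT|UPDATE|DELETE)\b''', re.IGNORECASE)
VAR_SPLICE = re.compile(r'''["']\s*\.\s*\$\w+|\$\w+\s*\.\s*["']|"[^"]*\$\w+[^"]*"''')
ESCAPED = re.compile(r'mysql_real_escape_string\s*\(')


def find_unescaped_queries(php_source):
    """Return [(line_number, statement_text)] for every PHP statement that
    builds SQL from a variable without calling mysql_real_escape_string.
    Statements are split on ';' so multi-line queries are judged whole."""
    findings = []
    line_no = 1
    for stmt in php_source.split(";"):
        keyword = SQL_START.search(stmt)
        if keyword and VAR_SPLICE.search(stmt) and not ESCAPED.search(stmt):
            # Report the line the SQL literal starts on, not the start of the chunk.
            line = line_no + stmt[:keyword.start()].count("\n")
            text = stmt[stmt.rfind("\n", 0, keyword.start()) + 1:]
            findings.append((line, " ".join(text.split())))
        line_no += stmt.count("\n")
    return findings


def scan_tree(root):
    """Apply the check to every *.php file under root; yields (path, line, statement)."""
    for path in Path(root).rglob("*.php"):
        for line, text in find_unescaped_queries(path.read_text(errors="replace")):
            yield path, line, text


# Constructed sample: lines 2 and 4 splice variables without escaping, line 3 escapes,
# line 5 contains no variable at all.
SAMPLE_PHP = r'''<?php
$sql = "INSERT INTO ".$table_name." SET firstname = '".$firstname."', lastname = '".$lastname."', created_on = now()";
$safe = "SELECT * FROM users WHERE name = '".mysql_real_escape_string($name)."'";
$sql2 = "DELETE FROM sessions WHERE token = '$token'";
$static = "SELECT 1 FROM dual";
'''

if __name__ == "__main__":
    for line, text in find_unescaped_queries(SAMPLE_PHP):
        print("line %d: %s" % (line, text))
```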

Related

How is it possible to map column names from a Doctrine sql query?

I created a query with query builder like this:
$qb = $em->createQueryBuilder();
$qb->select(['u.id', 'u.name'])
    ->from(User::class, 'u')
    ->where('u.active = 1')
;
$sql = $qb->getQuery()->getSql();
The result looks like this:
SELECT u1_.user_id as s1, u1_.full_name as s2 FROM users u1_ WHERE u1_.is_active = 1
I would like to execute it as a native query, but I have to find out how to map s1, s2 to id, name.
You have to use "as" inside your select.
using your example =>
$qb = $em->createQueryBuilder();
$qb->select(['u.id as s1', 'u.name as s2'])
    ->from(User::class, 'u')
    ->where('u.active = 1');
$sql = $qb->getQuery()->getSql();
This maps id to s1 and name to s2.
Not sure I understand your question, but if you want to run a native query with the columns id and name in the result, you can replace them in the query; they're aliases, so they can be anything you want:
SELECT u.user_id as id, u.full_name as name FROM users u WHERE u.is_active = 1

UniData Concatenate in SELECT

I need to search on the concatenated data in UniData using UniQuery. What are my options?
Something like below:
SELECT CUSTOMER.DETAILS WITH (FIRSTNAME:LASTNAME) = "????"
Basically, below is the search criteria:
FIRSTNAME + LASTNAME = ?
Cheers
Try using EVAL to run a temporary expression in your query:
SELECT CUSTOMER.DETAILS WITH EVAL "FIRSTNAME : LASTNAME" = "????"
I found this blog post with other examples of EVAL as well.

How to parse SQL Queries and sub queries using sqlparser into python

I want to parse an SQL join query with a select subquery in Python. I am using the sqlparse library, but I could not parse the subquery. How can I parse the whole query?
e.g.:
import sqlparse
query = "select id,fname,lname,address from res_users as r left join res_partner as p on p.id=r.partner_id where name = (select name from res_partner where id = 1)"
query_tokens = sqlparse.parse(query)[0].tokens
I could not parse the subquery select name from res_partner where id = 1.
Not so elegant, but works:
import sqlparse
from sqlparse.sql import Where, Comparison, Parenthesis

query = """
select
    id,fname,lname,address
from
    res_users as r
left join
    res_partner as p
on
    p.id=r.partner_id
where
    name = (select name from res_partner where id = 1)"""

# sqlparse returns a Statement whose .tokens form a nested tree of token groups
query_tokens = sqlparse.parse(query)[0]
# the WHERE clause is grouped into a Where token ...
where = next(token for token in query_tokens.tokens if isinstance(token, Where))
# ... which contains a Comparison token for "name = (...)" ...
condition = next(token for token in where.tokens if isinstance(token, Comparison))
# ... whose right-hand side is the parenthesised subquery
subquery = next(token for token in condition.tokens if isinstance(token, Parenthesis))
print(subquery)
prints:
(select name from res_partner where id = 1)
This library can parse and generate SQL: https://code.google.com/p/python-sql/

Escaping queries in Django

I have the following method:
def select_query(self):
    sql = "SELECT * FROM {t} WHERE 1".format(t=self._meta.db_table)
    for column_name in self.distinguishing_column_names():
        sql = sql + " AND {c} = {v}".format(c=column_name, v=getattr(self, column_name))
    return sql
This will give me a query like this:
SELECT * FROM customer WHERE 1 AND name = JOHN SMITH AND customer_number = 11423 AND social_security_number = 1234567890 AND phone = 2323523353
Obviously, that's not going to work. Is there a way to get Django to quote this for me?
Note: I'm not asking for a prepared statement. That's something different.
Do you need to return a query this way? The proper way would be to call cursor with the query and the params as argument:

Does Python support MySQL prepared statements?

The correct way to format a query seems to be:
query = query % db.literal(args)
Where db is a mysql.Connection (or presumably any connection).
Apparently the answer is "no."
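For both the Django question above and the prepared-statement question, the practical answer is to hand values to the driver as parameters and never build them into the SQL text. Below is an added example (not from either question, and not Django's own code) of a parameterised replacement for select_query: identifiers, which cannot be bound, are validated and quoted; values travel in the params list. The names build_select_query and IDENTIFIER are mine, and sqlite3 stands in for Django's connection.cursor() in the demo.

```python
import re
import sqlite3

# Table and column names cannot be bound as parameters, so they are checked
# against a strict pattern and quoted; values are never spliced into the SQL.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_select_query(table, filters, placeholder="%s"):
    """Return (sql, params) for: SELECT * FROM table WHERE col = ? AND ...
    Django's cursor.execute() uses %s placeholders on every backend; sqlite3 uses ?."""
    if not IDENTIFIER.match(table):
        raise ValueError("invalid table name: %r" % table)
    clauses, params = [], []
    for column, value in filters.items():
        if not IDENTIFIER.match(column):
            raise ValueError("invalid column name: %r" % column)
        clauses.append('"%s" = %s' % (column, placeholder))
        params.append(value)
    sql = 'SELECT * FROM "%s"' % table
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, params


def demo():
    """Run the builder against a constructed in-memory SQLite table (sqlite3 stands in
    for Django's connection.cursor()). The apostrophe in O'BRIEN needs no quoting by us
    because the driver binds it as a parameter."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (name TEXT, customer_number INTEGER, phone TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)",
                     [("JOHN SMITH", 11423, "2323523353"), ("O'BRIEN", 7, "5551234")])
    sql, params = build_select_query("customer", {"name": "O'BRIEN", "customer_number": 7},
                                     placeholder="?")
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(build_select_query("customer", {"name": "JOHN SMITH", "customer_number": 11423}))
    print(demo())
```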

Nested statements in sqlite

I'm using the sqlite3 library in C++ to query the database from a *.sqlite file. Can you write a query statement in sqlite3 like:
const char* sql = "select name from table where id = (select full_name from second_table where column = 4);";
The second statement should return an id to complete the first query statement.
Yes you can, just make sure that the nested query doesn't return more than one row. Add a LIMIT 1 to the end of the nested query to fix this. Also make sure that it always returns a row, or else the main query will not work.
If you want to match several rows in the nested query, then you can use either IN, like so:
const char* sql = "select name from table WHERE id IN (select full_name from second_table where column = 4);";
or you can use JOIN:
const char* sql = "select name from table JOIN second_table ON table.id = second_table.full_name WHERE second_table.column = 4;";
Note that the IN method can be very slow, and that JOIN can be very fast, if you index on the right columns.
On a side note, you can use SQLiteadmin (http://sqliteadmin.orbmu2k.de/) to view the database and make queries directly in it (useful for testing etc.).