In my spring boot application in REQUEST i post streamName and in response I get key. I'm putting this into a database and I want to avoid repeating stream names. My plan is to add such query to the insertStream method and when it returns null value, i.e. there is no such name in the database, then INSERT will be performed. Unfortunately I do not know how to implement this in the code.
This is my method:
#Override
public int insertStream(String key, String streamName) {
String sql = "" +
"INSERT INTO stream (" +
" stream_name, " + " license_key )" + "VALUES (?,?)";
return jdbcTemplate.update(
sql,
streamName,
key
);
}
and this is mention example query:
SELECT count(*) FROM public.stream WHERE stream_name='live2';
but instead of live2 it will be streamName parameter
you can use upsert in postgrsql
add a unique constraint to the stream_name column
CREATE UNIQUE INDEX unq_stream_name on stream(stream_name);
ALTER TABLE stream
ADD CONSTRAINT unq_stream_name_const
UNIQUE USING INDEX unq_stream_name;
then do upsert:
insert into stream (stream_name, license_key)
values (?,?) on conflict do nothing;
if the stream_name already exists , nothing will be inserted.
Related
i am trying to add a column to an existing table using jdbc, here is my code:
Dataset<Row> sql_statment1 =
spark.sql("ALTER TABLE class "
+ "ADD student_id INT NULL "
+ "CONSTRAINT colstudent_Null DEFAULT '1' ");
it return this error :
no viable alternative at input 'ALTER TABLE class ADD student_id'(line 1, pos 27)
can anyone help me?
I am trying to create cache in Ignite using sql query
CacheConfiguration<?, ?> cacheCfg = new CacheConfiguration<>(DUMMY_CACHE_NAME);
IgniteCache<?, ?> cache = igniteInstance.getOrCreateCache(cacheCfg);
cache.query(new SqlFieldsQuery(
"CREATE TABLE IF NOT EXISTS MY_TABLE (id varchar, value varchar, PRIMARY KEY(id)) " +
"WITH \"template=replicated\", \"DATA_REGION=" + IgniteCacheConfiguration.DEFAULT_REGION + "\""));
Then I am trying to put some data into the cache using key-value api
IgniteCache<String, String> cache = ignite.cache("SQL_PUBLIC_MY_TABLE");
cache.put("1","example");
I know the data is stored successfully, I can retrieve it, I see that cache size is correct but when I am trying to retrieve the data with SQL
SELECT * FROM "PUBLIC".MY_TABLE
for example using DBeaver I am getting empty result
Do you know if it is how Ignite works or there is some additional configuration needed ?
By default, it wraps the kay and values in a class. You can tell it not to do that with the wrap_key and wrap_value parameter like this:
create table MY_TABLE (id varchar, value varchar, PRIMARY KEY(id)) with "wrap_key=false,wrap_value=false" ;
Suppose you have the following SQL Query to create a table called notes and store data in it :
CREATE TABLE notes (
id INTEGER PRIMARY KEY,
username TEXT,
token TEXT,
text TEXT
);
INSERT INTO notes (username, token, text) VALUES ('alice', 'token-a', 'Reminder: buy milk');
INSERT INTO notes (username, token, text) VALUES ('alice', 'token-a', 'I like Bob');
INSERT INTO notes (username, token, text) VALUES ('bob', 'token-b', 'TODO: write tests');
Now to attempt SQL injection to get all alice's notes without knowing her token where the query to get the data is given as :
'''SELECT text
FROM notes
WHERE token = '%s'
''' % token
What should be the text send in the variable token so as to perform SQL injection and get all alice's notes.
Try Something like this-
';SELECT text
FROM notes
WHERE username = 'alice
SQL Injection can be implemented by concatenating the SQL statement with the input parameters. For example, the following statement is vulnerable to SQL Injection:
String statement = "SELECT ID FROM USERS WHERE USERNAME = '" + inputUsername + "' AND PASSWORD = '" + hashedPassword + "'";
An attacker would enter a username like this:
' OR 1=1 Limit 1; --
Thus, the executed statement will be:
SELECT ID FROM USERS WHERE USERNAME = '' OR 1=1 Limit 1; --' AND PASSWORD = 'Blob'
Hence, the password part is commented, and the database engine would return any arbitrary result which will be acceptable by the application.
I found this nice explanation on the free preview of "Introduction to Cybersecurity for Software Developers" course.
https://www.udemy.com/course/cybersecurity-for-developers-1/
It also explains how to prevent SQL Injection.
For the CsvCruncher project,
I am loading a CSV file into HSQLDB.
CREATE TEXT TABLE concat_1 ( Op VARCHAR(255), id VARCHAR(255), uuid VARCHAR(255), session_id VARCHAR(255) )
SET TABLE concat_1 SOURCE '.../concat_1.csv;encoding=UTF-8;cache_rows=50000;cache_size=10240000;ignore_first=true;fs=,;qc=\quote'
At the time of creating the table and loading, I don't know anything about the column values.
To speed the SELECTs up, I am trying to convert the columns (after loading) to other types, relying on this HSQLDB feature:
"HyperSQL allows changing the type if all the existing values can be cast
into the new type without string truncation or loss of significant digits."
ALTER TABLE concat_1 ALTER COLUMN id SET DATA TYPE BIGINT
But when I try that, I get:
operation is not allowed on text table with data in statement
Is this possible with HSQLDB without duplicating the TEXT table into a normal (native) table?
Here's the code, for your imagination:
for (String colName : colNames) {
String sqlTypeUsed = null;
for (String sqlType : new String[]{"TIMESTAMP","UUID","BIGINT","INTEGER","SMALLINT","BOOLEAN"}) {
String sqlCol = String.format("ALTER TABLE %s ALTER COLUMN %s SET DATA TYPE %s",
tableName, colName, sqlTypeUsed = sqlType);
log.info("Column change attempt SQL: " + sqlCol);
try (Statement st = this.conn.createStatement()) {
st.execute(sqlCol);
log.info(String.format("Column %s.%s converted to to %s", tableName, colName, sqlTypeUsed));
} catch (SQLException ex) {
log.info(String.format("Column %s.%s values don't fit to %s.\n %s",
tableName, colName, sqlTypeUsed, ex.getMessage()));
}
}
}
I figured out. Although it's not documented, TEXT tables can't be altered while bound to a CSV file.
What I did:
1) Instead of trying ALTER with each type, I queried SELECT CAST (<col> AS <type>).
2) I collected all types that the column can fit in and chose the most specific and smallest.
3) Then I detached the table - SET TABLE <table> SOURCE OFF.
4) Then I did the ALTER COLUMN.
5) Lastly, reattach - SET TABLE <table> SOURCE ON.
This way the table ends up with the most fitting type and the caches and indexes work more optimally.
For large tables, though, it could be worth flipping the resulting table into a native CACHED (disk-based) table.
Code coming when I clean it up.
I am successfully adding a table to an sql lite database but I am struggling with the syntax to write values to the table, please take a look at the code below and advice me on the correct syntax.
Sorry Code!
var db = window.openDatabase("Database", "1.0", "GBA", 200000);
db.transaction(populateDB, errorCB, successCB);
}
// Populate the database
//
function populateDB(tx) {
tx.executeSql('DROP TABLE IF EXISTS vehiclecheck');
tx.executeSql('CREATE TABLE IF NOT EXISTS vehiclecheck (id INTEGER PRIMARY KEY AUTOINCREMENT, checkfield VARCHAR(12), class INTEGER)');
tx.executeSql('INSERT INTO vehiclecheck (checkfield, class) VALUES (' + 'Test' + ',' + 1 + ')');
Try this insertion
tx.executeSql("insert into vehiclecheck(checkfield, class) values(?,?)",["Test",'1']);
You need to escape Test. If you consider your SQL:
INSERT INTO vehiclecheck (checkfield, class) VALUES (Test,1)
You can see the single quotes around Test are missing.
Don't forget that you can use bound params as well. An example is here: http://www.raymondcamden.com/index.cfm/2011/10/20/Example-of-PhoneGaps-Database-Support