update qtable set Section = Section + ',Teaching' where qid=522
this update statement doesnot concat/append the values.
Section contains null value initially.
Use concat() if you are working with SQL Server 2012 instead:
update qtable
set Section = concat(Section, ',Teaching')
where qid=522;
For older version you can use
update qtable
set Section = coalesce(Section, '') + ',Teaching'
where qid=522;
Please try
update qtable set Section = CONVERT(VARCHAR(255),ISNULL(Section,'')) + ',Teaching' where qid=522
Related
I'm trying to update SQL data but it contains ' so I get errors.
The SQL statement looks like this:
UPDATE SystemConfiguration
SET HeaderScript = '<script> (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],'
WHERE ID = 1
I tried to replace the quote with " but I get error. I also tried without quote I get error as well.
Any suggestions.
You need to double the single quotes to escape them:
UPDATE SystemConfiguration
SET HeaderScript = '<script> (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({''gtm.start'': new Date().getTime(),event:''gtm.js''});var f=d.getElementsByTagName(s)[0],'
WHERE ID = 1
Is there a specified behavior for updating the same column 2+ times in the same UPDATE query, as follows?
UPDATE tbl SET a = 5, b = 'something', a = 6 WHERE c = 'whatever';
Is there a standardized behavior for this, or might it vary between flavors of SQL (e.g. it is "undefined behavior")? A cursory test with sqlite seems to indicate they are executed left-to-right, so the last column value will be the resulting one, but that doesn't imply that will always be the case.
Edit: The reason I'm trying to do this is I'm testing some SQL injection for a class project. One of the fields in an UPDATE is unsafely injected, and I'm trying to use it to overwrite previously SET fields from the same query.
This isn't exactly the answer you're looking for but assuming that the text "something" is a field you are passing in and it isn't parameterized or escaped you may be able to do this. This all depends on how the query is being built and what database it is being run against.
UPDATE tbl SET a = 5, b = 'something'; UPDATE tbl set a = 6;--' WHERE c = 'whatever';
by entering the following in the user input
something'; UPDATE tbl set a = 6;--
This assumes that the query is built dynamically something like this
var query = "UPDATE tbl set a = 5, b = '" + userInput + "' WHERE c = 'whatever'";
Here is a relevant question: How does the SQL injection from the "Bobby Tables" XKCD comic work?
I'm attempting to execute this SQL Update statement and it's not working. Does anyone know why ?
update dbo.EBSTable
set CommandField = replace(CommandField, '%APPL.mbm_aging_file', '%APPL.mbm_aging_file)')
where Command like '[%]APPL.mbm_aging_file'
Basically, I'm just trying to add a ")" to the end of the data appearing in the CommandField field where the value is %APPL.mbm_aging_file (The "%" actually appears in the data).
I discovered my where clause was inadequate (like me with SQL). It should read
update dbo.EBSTable set CommandField = replace(CommandField, '%APPL.mbm_aging_file', '%APPL.mbm_aging_file)') where Command like '%[%]APPL.mbm_aging_file%'
That statement worked.
update dbo.EBSTable
set CommandField = '%APPL.mbm_aging_file' + ')' -- or set CommandField = '%APPL.mbm_aging_file)'
where Command = '%APPL.mbm_aging_file'
You can do this, as you only need to add ) at the end only for this specific case.
I have the query below in access and wanted to use it in VBA...
SQL = "UPDATE Sales SET Sales.order_date = CDate(Right([data],2)+" / "+Mid([data],5,2)+" / "+Left([data],4));"
I keep getting error due to the way I am building the string to then execute.
I have tried to put the
& "/" &
to build the string but get an error when executing the SQL...
How should I build the string?
Thanks!!!
You would use DateSerial for this if data is a field of your table:
SQL = "UPDATE Sales SET Sales.order_date = DateSerial(Left([data],4), Mid([data],5,2), Right([data],2))"
just escaped the / as '/' and worked...
SQL = "UPDATE Sales SET Sales.order_date = CDate(Right([data],2)+ '/' + Mid([data],5,2) + '/' + Left([data],4));"
My question is very simple:
I have a column named "DateProcessed". Whenever User Clicks a Button, the column should be updated for each row with the current System.Date.
Here is my code:
update dbo.JobStatus SET DateShipTransmitProcessed = ???? WHERE JobTableId = #JobTableId
What should go in ????. Thanks for your help!
The ANSI standard would be to use current_timestamp, which should work for MySql, SQL Server, and any other ANSI compliant RDBMS.
update dbo.JobStatus SET DateShipTransmitProcessed = current_timestamp WHERE JobTableId = #JobTableId
If you are on SQL server..
update dbo.JobStatus SET DateShipTransmitProcessed = GetDate() WHERE JobTableId = #JobTableId