I ran into a strange issue where I have a user table in my local DB, which appears to overlap with the postgres system table user when I try to run SQL queries using Postico. While I am running queries against my db, I am returned a current_user column that maps to the username accessing the db. What should I change to my SQL to point to the local DB user table?
SQL commands I'm trying to run:
SELECT *
FROM user
;
Returned current_user: johndoe
UPDATE user
SET user.password = 'cryptopw', user.authentication_token = NULL
WHERE user.user_id = 210;
USER is one of the reserved key words for PostgreSQL. It is also reserved for SQL 2011, 2008 and 92.
From the documentation:
SQL distinguishes between reserved and non-reserved key words. According to the standard, reserved key words are the only real key words; they are never allowed as identifiers.
emphasis mine
That is, if you want to avoid trouble, don't use user as an identifier (that is: it shouldn't be the name of a table, or a column, or an index, or a constraint, or a function, ...).
If you still want to try:
As a general rule, if you get spurious parser errors for commands that contain any of the listed key words as an identifier you should try to quote the identifier to see if the problem goes away.
That is, try:
SELECT
*
FROM
"user" ;
and
UPDATE
"user"
SET
password = 'cryptopw', -- not "user".password
authentication_token = NULL -- not "user". authentication_token
WHERE
"user".user_id = 210; -- you can, but don't need "user"
I would actually rename the table, call it my_user (or application_user or something else), follow the SQL standard, and forget about having to quote identifiers.
Related
so I found this sql query in a project I am succeeding. This is the first time I encountering this clause/statement. I understand that this is to look if the table exist before creating one and that Object_ID is the table name that is to be created.
My questions are:
Does sysobject mean the database?
What is the Object property?
I know that it is not the columns inside the table to be created.
The columns are : dtb_color_id and description.
can someone explain this to me. please?
IF NOT EXISTS(SELECT * FROM SYSOBJECTS WHERE ID = OBJECT_ID('DTB_COLOR') AND OBJECTPROPERTY(ID,'ISUserTable') = 1)
BEGIN
.......some query I understand
END
sysobjects, OBJECTPROPERTY and OBJECT_ID are used in Microsoft SQL Server. They are part of the SQL Server DMVs and system functions/procedures used to query and manipulate the metadata.
sys.sysobjects is simply the list of all objects (tables, views, SPs, functions, etc) on the server in the active database. Please note, that sys.sysobjects is deprecated and is only available for backward compatibility. Use sys.objects instead
https://learn.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/system-dynamic-management-views?view=sql-server-ver16
It has (as far as I know) no meaning in MySQL, unless somebody specifically created them.
You can also use INFORMATION_SCHEMA which is available in MySQL too (however slightly different in different RDBMS).
MSSQL INFORMATION_SCHEMA: https://learn.microsoft.com/en-us/sql/relational-databases/system-information-schema-views/system-information-schema-views-transact-sql?view=sql-server-ver16
MySQL INFORMATION_SCHEMA: https://dev.mysql.com/doc/refman/8.0/en/information-schema.html
SQL Server has no CREATE TABLE IF NOT EXISTS construct, a variation of the mentioned condition is commonly used to imitate that.
This is a way in SQL Server to check if a table exists in the active database and to perform actions according to the result, like creating the table.
OBJECTPROPERTY simply checks (in this case) if the table is a user created one.
https://learn.microsoft.com/en-us/sql/t-sql/functions/objectproperty-transact-sql?view=sql-server-ver16
I would remove the OBJECTPROPERTY condition in case the part you understand is a CREATE TABLE statement. You don't want to create a table which has a similar name to any system table/view, also you don't want to execute the CREATE TABLE if there is a VIEW with the same name (table creation will fail)
Yes sysobject means database.
The OBJECTPROPERTY() function returns information about schema-
scoped objects in the current database. Use this to check if an
object is a table, view, stored procedure, etc. You can also use
it to check if a table has a primary key, foreign key, foreign
key reference, etc.
For more details : https://learn.microsoft.com/en-us/sql/t-sql/functions/objectpropertyex-transact-sql?view=sql-server-ver16
In this scenario it is used to check whether it is user table or
not. The result of the ISUserTable property is 1 when it is user
table otherwise returns 0.
Here the following steps are followed:
First, it executes the select statement inside the IF Exists
If the select statement returns a value that condition is TRUE for IF Exists
It starts the code inside a begin statement
DTB_COLOR - May be a stored procedure
I am using SQL Server. I found the following way to backup a database table:
-- Taking a backup
SELECT * INTO MY_BACKUP_DATABASE..CustomersTemporaryTable FROM Customers
I am trying to understand the .. in the syntax. From what I understand, the sentence means that Customers is the table that is going to be backed-up by placing it all of its content into the database called MY_BACKUP_DATABASE using CustomersTemporaryTable as the destination table. I assume when executing the sentence, CustomersTemporaryTable must already exist. Is my understanding of the sentence to take a backup correct?
Each MS SQL Table identifiers can have a name compound of three parts separates with a dot :
the database name
the SQL schema name (by default dbo)
the table, view or Table UDF name
Syntax :
db_name.schema_name.table_name
But it is not always necessary to specify the three parts.
Inside the current database, no need to specify the db_name. It's implicit...
By default every SQL user is associate with a specific default schema (frequently dbo too...).
So you can specify a table name with :
schema_name.table_name
...SQL Server will try to find the table into the current DB
db_name..table_name
...SQL Server will try to find the table into the specified DB and the default user schema
table_name
...SQL Server will try to find the table into the current DB and the
default user schema
To know with SQL schema is associated with your SQL user, use :
SELECT SCHEMA_NAME() AS DEFAULT_CURRENT_USER_SCHEMA
To know all the associations between SQL users and SQL schemas, do :
SELECT name AS USER_NAME, default_schema_name
FROM sys.database_principals
WHERE type_desc LIKE '%?_USER' ESCAPE '?'
First of all, understand that what you are doing is not "taking a backup", it is inserting data into a table from another table. If you have not created the destination table the syntax is like this:
Select *
INTO Destination_Table
FROM Source_Table
The destination table will be created automatically. This doesn't necessarily work so well if you will be inserting additional data that might be different lengths or data types, but for a one of select should work fine.
I have a requirement where in, I have to check whether the user has write access to a particular sql server or not.
I have done this with using Dir function for access db and other files
But SQL server, do I have to try and write a value to a table to see whether it allows me or not ?
You could try: fn_my_permissions. The following is based on an example from the web page.
SELECT * FROM fn_my_permissions('dbo.MyTable', 'OBJECT')
ORDER BY subentity_name, permission_name ;
This will return three columns:
entity_name (table in this case),
subentity_name (column in this table),
and permission_name (ALTER, SELECT, etc.).
I use SQuirrel SQL Client Version 3.5.3 and HSQLDB for my database. I have been able to specify the corresponding driver (In-memory) to it and create an Alias.
I have created a table
CREATE TABLE ENTRY(
NAME VARCHAR(100) NOT NULL,
DESC VARCHAR(500) NOT NULL,
PRIMARY KEY (NAME))
and added a few lines of data into it. While statements like these work:
select * from ENTRY
select NAME from ENTRY
select DESC from ENTRY
I always get Error: user lacks privilege or object not found"
when adding a where clause to my statement, e.g. select DESC from ENTRY where NAME=CAR
Any help is greatly appreciated as I can slowly feel my sanity waning
I had the same problem, but my table name and other things were ok except my query for VARCHAR were inside double quotes("") but it should be in single quotes('')
example:
assume you have table like this which flightId is primary key
now this query is wrong:
SELECT * FROM flights WHERE flightId="0f3ae9b3-6bb1-4c95-9394-6179555f5879"
while this one is ok:
SELECT * FROM flights WHERE flightId='0f3ae9b3-6bb1-4c95-9394-6179555f5879'
I was finally able to fix this myself. I had used a wrong table name for my select statements and after changing it to the real one it worked. The only thing that confuses me is that I also used the wrong table name for my insert statements but they were executed successfully and all data is showing up in them.
HSQLDB has default schema called PUBLIC. All SQL queries will be pointing to PUBLIC; If you have created your own schema like eg:OWNSCHEMA then edit the xxx.script and change the following line
SET DATABASE DEFAULT INITIAL SCHEMA PUBLIC
to
SET DATABASE DEFAULT INITIAL SCHEMA OWNSCHEMA
When I received the same exception the root cause was that I had a table in the SELECT clause that was not present in the FROM clause.
Your problem is:
I always get Error: user lacks privilege or object not found" when
adding a where clause to my statement, e.g. select DESC from ENTRY
where NAME=CAR
Yes, of course you do.
NAME is a field of the ENTRY table. CAR isn't a field of anything.
Perhaps your WHERE clause should look like this instead:
WHERE NAME='CAR'
Thereby comparing a field value with a literal string value instead of trying to compare it with a nonexistent other field value.
I've got some problem with creating a query in Access.
I'd like to have a query, which after running will ask about name and surname of new record in table Buyers, and then create new table for this buyer(e.g. for John Smith - called SmiJoh - 3 letters from Surname and 3 from Name).
Any ideas how to do that without VBA, using only SQL?
PS. If there's no chance to do all of this using SQL is there any possibility to do only query creating a table with this name?
You asked whether you can do something like this with SQL in Access, where table_name is a value you supply when the statement executes.
CREATE TABLE [table_name](
id COUNTER CONSTRAINT pkey PRIMARY KEY,
date_field DATETIME);
No, Access' database engine will not allow you to use a parameter for the table name.
But like the comments you've received, I encourage you to re-consider your plan to create a separate table for each buyer. That will be a complicated mess to build and maintain.
Use a single table to hold data from all buyers. Include a field to identify the buyer. Then use a query which retrieves only the rows where the buyer_id field matches the current user's buyer_id. Build a form with that query as its record source. Here is a sample table where the uname field holds the Windows account name.
id uname time_only
5018 fred 7:00:00 AM
5063 hans 2:00:00 AM
5072 hans 3:00:00 AM
With Dev Ashish's fOSUserName() function (Get Login name), this query returns only the rows where uname matches my Windows user name (hans).
SELECT d.id, d.uname, d.time_only
FROM discardme AS d
WHERE d.uname = fOSUserName();
I created a form based on that query which includes a text box bound to uname with these properties on the Data tab of its property sheet: Default Value =fOSUserName(); and Enabled No. If you don't want the user to even see the uname value, set Visible No on the Format tab.
You would still need to lock down the application to prevent the users from opening the table directly. But that would also be required with your original scheme to create a separate table for each buyer.
A similar approach could work if you have set up ULS (user-level security), which requires an MDB format db; it's not supported in the newer ACCDB db format. In that case the, the VBA CurrentUser() function will return the name of the Access security user name. Change the query accordingly:
SELECT d.id, d.uname, d.time_only
FROM discardme AS d
WHERE d.uname = CurrentUser();
Note that without ULS, CurrentUser() will give you the name of the default user account, Admin.
Finally consider your security requirements. Doing this with Access' Jet/ACE for data storage will amount to offering guidance to cooperative users. However, whether or not you adopt ULS, you can't absolutely prevent a user from viewing any of the data. If your security requirements are more stringent, move the data storage to a client-server database (SQL Server, for example). You can still use your Access application as a front-end by substituting ODBC links to the server tables for the existing native Jet/ACE tables.
Have you tried using an EXEC
DECLARE #Name VARCHAR(6)
SET #Name = 'SMIJOH' --Query your table name
EXEC ('CREATE TABLE ' + #Name + ' (ID INT IDENTITY(1,1), etc....)')