Can I have Eloquent ORM run a query without using prepared statements? Or do I have to use whereRaw()?
I need to use a raw query because I'm trying to interact with InfiniDB, which lacks support for prepared statements from PHP. At any rate, all queries will be using internally generated data, not user input so it should not be a security issue.
For anything other than SELECT you can use unprepared()
DB::unprepared($sql);
For an unprepared SELECT you can use plain PDO query() by getting access to active PDO connection through getPdo()
$pdo = DB::getPdo();
$query = $pdo->query($sql);
$result = $query->fetchAll();
There's an easy way to do it. In the file config/database.php you can specify options for php PDO like so:
'mysql_unprepared' => [
'driver' => 'mysql',
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PROXY_PORT', '6033'),
'username' => env('DB_CACHED_USERNAME', 'forge'),
'password' => env('DB_CACHED_PASSWORD', ''),
'database' => env('DB_DATABASE', 'forge'),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? [
PDO::ATTR_EMULATE_PREPARES => true,
] : [],
'modes' => [
'ONLY_FULL_GROUP_BY',
'STRICT_TRANS_TABLES',
'NO_ZERO_IN_DATE',
'NO_ZERO_DATE',
'ERROR_FOR_DIVISION_BY_ZERO',
'NO_ENGINE_SUBSTITUTION',
],
],
As you can see, there is an option PDO::ATTR_EMULATE_PREPARES which, when set to true, will do a prepare-like action on application level and send the query unprepared instead. I didn't figure PDO had this option until I had already created an extension for Laravel's mysql driver just to intercept select queries and do unprepared mysqli queries instead so that ProxySql could cache them.
So this answer could have been a lot more complicated. Cheers.
Related
I am trying to set up my CakePHP 3.8 project on a GCP "Compute Engine" VM.
I have set up my app.php to use the following DB configuration:
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'datasource' => 'Database/Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'user',
'password' => 'password',
'database' => 'dbname',
'prefix' => '',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
'log' => false,
'flags' => [
PDO::MYSQL_ATTR_INIT_COMMAND => "SET ##SESSION.sql_mode='';",
// uncomment below for use with Google Cloud SQL
PDO::MYSQL_ATTR_SSL_KEY => CONFIG.'ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => CONFIG.'ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => CONFIG.'ssl/server-ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
],
'cacheMetadata' => true,
'log' => false,
My problem happens when I try to run migrations. The site works just fine with the above configuration, however, if I run
$> php bin/cake.php migrations migrate
I get a slew of errors saying that it cannot connect, access denied for user#host.
If I add
'ssl_key' => CONFIG .'ssl/client-key.pem',
'ssl_cert' => CONFIG . 'ssl/client-cert.pem',
'ssl_ca' => CONFIG . 'ssl/server-ca.pem',
I get an error:
Caused by: [PDOException] PDO::__construct(): Peer certificate CN=`gcpname:gcpserver' did not match expected CN=`111.111.111.111' in /var/www/mydomain.com/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php on line 79
I guess this is because the migrations plugin still doesn't pass the flags or custom mysql_attr_* options over to the Phinx connection configuration, see this issue:
https://github.com/cakephp/migrations/issues/374
I don't think there's much that can be done here, other than adding support for flags / attribute options, or using Phinx directly (ie without the Migrations plugin).
I've pushed a PR that would add support for driver specific flags, you might want to give it a try and comment on the issue or the PR whether it works for you (it's for CakePHP 4.x (Migrations 3.x), I'll backport it for CakePHP 3.x (Migrations 2.x) in case it's being accepted):
https://github.com/cakephp/migrations/pull/478
I'm facing the following problem:
I have two MariaDB databases, running on two different hosts. Both of them are used to run two different websites, each of them having Drupal and CiviCRM installed and running.
Some of the data stored in the contacts table of CiviCRM from website 1 needs to be kept in sync with these same contacts on website 2.
Keeping in sync means : inserting new contacts, and updating existing contacts.
I was wondering if this coud be done via trigger?
I know I can activate remote sql on my cPanel, as I use this to work with Mysql Workbench or similar software.
Any ideas? Would a trigger work? Do I rather need to write some code in another language than SQL?
You can add multiple databases at the same time for your Drupal to connect to in your settings.php:
$databases = [
'HOST1.DATABASE' => [
'default' => [
'driver' => 'mysql',
'username' => '',
'password' => '',
'host' => '127.0.0.1',
'port' => '3306',
'prefix' => '',
'database' => 'contacts',
'collation' => 'utf8mb4_general_ci',
],
],
'HOST2.DATABASE' => [
'default' => [
'driver' => 'mysql',
'username' => '',
'password' => '',
'host' => '127.0.0.1',
'port' => '3306',
'prefix' => '',
'database' => 'contacts_audit',
'collation' => 'utf8mb4_general_ci',
],
],
];
After this you can define in the getConnection() method, which key of the $database array you want to connect.
\Drupal\Core\Database\Database::getConnection('HOST1.DATABASE')
->query('CREATE TRIGGER contacts_after_update AFTER UPDATE ON contacts FOR EACH ROW BEGIN')
->execute();
and
\Drupal\Core\Database\Database::getConnection('HOST2.DATABASE')
->query('INSERT INTO contacts_audit ( contact_id, updated_date, updated_by) VALUES ( NEW.contact_id, SYSDATE(), ); END;')
->execute();
(If you leave the parameter of getConnection() empty, it would connect to the database on $databases['default'] key. Also, you can use setActiveConnection() if you want to work more with the database, which as its name says, sets the active connection to the desired key of $databases)
Hope this helps some way.
I want to log every SQL query executed so I can debug it and then copy, paste and test it in my database tool.
I tried this solution (Yii - echo the last query) (and other similar solutions) but it is not working because I think it is for Yii1. I need it for Yii2.
I think the solution is independent of the database (I use PostgreSQL).
Maybe I have to configure it in the common/config/main-local file.
If you need in Yii (1), please update your components array in main.php like this
'components'=>array(
#/*
'fixture'=>array(
'class'=>'system.test.CDbFixtureManager',
),
#*/
'db'=>array(
'connectionString' => 'mysql:host=localhost;dbname=intakes_manager_test',
'emulatePrepare' => true,
'username' => 'root',
'password' => 'root',
'charset' => 'utf8',
'enableProfiling'=>true,
'enableParamLogging'=>true,
),
'log'=>array(
'class'=>'CLogRouter',
'routes'=>array(
array(
'class'=>'CFileLogRoute',
'levels'=>'error,trace,info,warning',
//'filter'=>'CLogFilter',
'categories'=>'system.db.*',
'logFile'=>'sql.log'
)
)
),
),
For the same in Yii 2, do like below
'components' => [
'log' => [
'targets' => [
'file' => [
'class' => 'yii\log\FileTarget',
],
'db' => [
'class' => 'yii\log\DbTarget',
],
],
],
to know more about yii 2 logging see doc here
postgresql.conf
log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
log_min_duration_statement = 0
You would need to restart the Postgresql service
I got a ubuntu docker container which runs php 5.5.9, laraverl 5.2 which can connect successfully to SQL Server and get results back.
The docker image I am using is https://hub.docker.com/r/h2labs/laravel-mssql/
The problem I got is that the server uses encryption and I cant find how to pass the following parameters to the laravel connection string for mssql
ENCRYPT=yes;trustServerCertificate=true
My SQL Server connection string at present looks like this
DB_CONNECTION=sqlsrv
DB_HOST=sql.mydomain.com
DB_PORT=1433
DB_DATABASE=mydbname
DB_USERNAME=mysusername
DB_PASSWORD=mypass
My laravel database config looks like this
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DB_HOST', 'localhost'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
],
The SQL Server error log entry is
Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: 103.31.114.56]
Support for either option was not introduced until Laravel 5.4; Specifically, v5.4.11
So you would first need to upgrade to laravel/framework:>=5.4.11,<5.5
Then, to configure your application, you will need to modify your config/database.php file as follows:
// ...
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DB_HOST', 'localhost'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
'encrypt' => 'yes', // alternatively, defer to an env variable
'trust_server_certificate' => 'true', // alternatively, defer to an env variable
],
// ...
DatabaseServiceProvider, via ConnectionFactory and SqlServerConnector will use this to build the underlying PDO connection with those options set in the DSN.
I'm struggling to find any information on how to configure SQLite in Kohana 3.2. I mainly need to know:
What should I set hostname, database, username and password to (with default user and no password)?
Also, how can I set the path to the SQLite database file?
What should the "type" be? I tried "sqlite" but I get an error Class 'Database_Sqlite' not found.
This is my current configuration options:
'exportedDatabase' => array
(
'type' => 'sqlite',
'connection' => array(
/**
* The following options are available for MySQL:
*
* string hostname server hostname, or socket
* string database database name
* string username database username
* string password database password
* boolean persistent use persistent connections?
*
* Ports and sockets may be appended to the hostname.
*/
'hostname' => $hostname,
'database' => $database,
'username' => $username,
'password' => $password,
'persistent' => FALSE,
),
'table_prefix' => '',
'charset' => 'utf8',
'caching' => FALSE,
'profiling' => TRUE,
),
You can use PDO through Database module. The proper way of configuring it looks like this:
'exportedDatabase' => array(
'type' => 'pdo',
'connection' => array(
'dsn' => 'sqlite:/path/to/file.sqlite',
'persistent' => FALSE,
),
'table_prefix' => '',
'charset' => NULL, /* IMPORTANT- charset 'utf8' breaks sqlite(?) */
'caching' => FALSE,
'profiling' => TRUE,
),
One disadvantage of using PDO in Kohana is that in ORM you have to specify all fields by hand in your model (you should do it anyway for performance reasons) because of how different database systems handle listing of table fields.
There is also real database module created by banditron. You have to remember that's it is NOT a drop-in replacement for Database module and therefore Kohana's ORM will not work with it. Other than that it's pretty neat and has wide support for database systems other than SQLite.
As I found out, Kohana 3.x doesn't actually support SQLite. There's an unsupported module for it and, as far as I can tell, it's not working.
It's easy enough to use PDO though and the syntax is pretty much the same as Kohana's ORM:
$db = new PDO('sqlite:' . $dbFilePath);
$query = $db->prepare('CREATE TABLE example (id INTEGER PRIMARY KEY, something TEXT)');
$query->execute();
$query = $db->prepare("INSERT INTO example (id, something) VALUES (:id, :something)");
$query->bindParam(':id', $id);
$query->bindParam(':something', $something);
$query->execute();
I don't use Kohana, but this should work:
'hostname' => /path/to/your/sql/lite/file.sqlite
'database' => ''
'username' => ''
'password' => ''