Using PDO for an insert and the_geom - sql

I'm switching my code to PDO for increased security. My insert works until I add a special column that creates spatial data. See below for the standard insert that works, and 2nd below for what is not working.
$sql = "INSERT INTO sites_tbl (sitename, the_geom) VALUES ('$_POST[sitename]', st_geomfromtext('POINT($geomstring)',27700))";
The geomstring = a number formatted 000000 000000
Using PDO, the same insert looks something like the code below. This works if I just want to insert the sitename, but not when I do the_geom. The value 325123 215432 will eventually be a variable, but for now I'm testing like this.
$stmt5 = $conn ->prepare(
"INSERT INTO sites_tbl (sitename, river_id, group_id, accepted_site, the_geom, bmwp_threshold) VALUES (?, ?, ?, ?, ?, ?)");
$stmt5->bindParam(1, $sitename);
$stmt5->bindParam(2, $river_id);
$stmt5->bindParam(3, $group_id);
$stmt5->bindParam(4, $accepted_site);
$stmt5->bindParam(5, $geomstring3);
$stmt5->bindParam(6, $bmwp_threshold);
$geomstring2 = "'POINT(635230 352120)'";
$geomstring3 = st_geomfromtext($geomstring2, 27700);

You cannot bind an arbitrary SQL part using a prepared statement, but a string or numeric literal only.
// Bind only the WKT text (no embedded quotes); the function call stays in the SQL.
$geomstring4 = "POINT(325123 215432)";
$stmt5 = $conn->prepare(
"INSERT INTO sites_tbl (sitename, the_geom) VALUES (?, st_geomfromtext(?, 27700))");
$stmt5->bindParam(1, $sitename);
$stmt5->bindParam(2, $geomstring4);
$stmt5->execute();
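The difference between binding a whole SQL expression and binding only its argument, as an added example that is not part of the original question or answer. It runs on SQLite rather than PostGIS: `fake_geomfromtext` is a constructed stand-in registered under the name `st_geomfromtext`, and the helper names are assumptions.

```python
import re
import sqlite3

# The question's format: two six-digit numbers separated by one space.
GEOM_RE = re.compile(r"\d{6} \d{6}")

def fake_geomfromtext(wkt, srid):
    # Stand-in (assumption) for PostGIS st_geomfromtext so this runs on SQLite.
    m = re.fullmatch(r"POINT\((\d+) (\d+)\)", wkt)
    if m is None:
        raise ValueError("invalid WKT")
    return f"SRID={srid};{m.group(1)},{m.group(2)}"

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("st_geomfromtext", 2, fake_geomfromtext)
    conn.execute("CREATE TABLE sites_tbl (sitename TEXT, the_geom TEXT)")
    return conn

def insert_bound_expression(conn, sitename, geomstring):
    # The whole function call is sent as a value, so the database treats it
    # as data: SQLite stores the text and the function never runs.
    expr = f"st_geomfromtext('POINT({geomstring})',27700)"
    conn.execute("INSERT INTO sites_tbl VALUES (?, ?)", (sitename, expr))

def insert_bound_argument(conn, sitename, geomstring):
    # The answer's form: function call in the SQL text, only its argument bound.
    if GEOM_RE.fullmatch(geomstring) is None:
        raise ValueError("expected 'EEEEEE NNNNNN'")
    conn.execute(
        "INSERT INTO sites_tbl VALUES (?, st_geomfromtext(?, 27700))",
        (sitename, f"POINT({geomstring})"),
    )

def stored_rows(conn):
    sql = "SELECT sitename, the_geom FROM sites_tbl ORDER BY rowid"
    return [tuple(r) for r in conn.execute(sql)]
```
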

Related

Python3 openpyxl SQLite3 How to insert values into a table that are selected from excel using an increasing variable?

I've been trying to insert data from excel into a table I've created using sqlite3 in python. However with the current code it will only return 'none' for each value instead of the actual values from the excel spreadsheet.
row_count = sheet.max_row - 1
count1 = 2
while count1 < row_count:
    cursor.execute("INSERT INTO violations (points, serial_number, violation_code, violation_description, violation_status) VALUES (?, ?, ?, ?, ?)", (sheet.cell(row=(count1), column='A').value, sheet.cell(row=(count1), column='B').value, sheet.cell(row=(count1), column='C').value, sheet.cell(row=(count1), column='D').value, sheet.cell(row=(count1), column='E').value))
    count1 = count1 + 1
So far I think the issue comes from the way the values are connected into the SQL code with all the question marks as placeholders for the other values, but I'm not sure how else to do this successfully. All help is greatly appreciated, thank you :)

Can't insert more than 150 rows

I am using go-sql-driver/mysql to insert a ton of movies from the OMDB data dump. I am parsing the data and inserting it with the following code:
_, err = database.Query("INSERT INTO `movies` (`name`, `year`, `release_date`, `full_plot`, `genre`, `imdb_id`) VALUES (?, ?, ?, ?, ?, ?)", movie.Name, movie.Year, movie.ReleaseDate, movie.FullPlot, movie.Genre, movie.IMDBID)
if err != nil {
    return false, nil
}
return true, nil
It works, but for only 150 rows. Am I doing something wrong?
Your code seems to discard the error value returned, which you shouldn't do; handle it gracefully. See what the error is, if you're opening too many connections to the DB, you should use a database connection pool and set the (*DB) SetMaxOpenConns value.
(*DB)Query is typically used for SELECT statements that return rows, use (*DB)Exec or (*Stmt)Exec for your INSERT.
I'd advise using a db connection pool, and (*sql.DB)Prepare to prepare a statement and run your inserts (even concurrently) using the prepared statement.
See https://golang.org/pkg/database/sql/#DB.Prepare

Mapping Output Parameters in SSIS OLE DB Source Editor

How can I map an output parameter in the OLE DB Source in SSIS (BIDS 2008)? In BIDS 2012 we can specify the query parameter as input and output.
SET FMTONLY OFF;
EXEC [dbo].[ProcessPingErrorAlert_KeyValue]
    @AlterId = ?,
    @Hour = ?,
    @Day = ?,
    @TraceId = ?,
    @IsAlert = ? OUTPUT
Please see the two pictures below.
SSIS Package In BIDS 2008
SSIS Package in BIDS 2012
The SQL statement should be:
EXEC ? = [dbo].[ProcessPingErrorAlert_KeyValue] ?, ?, ?, ?, ? OUTPUT .
Then edit the SQL task and choose, in Parameter Mapping, @IsAlert as Output (check the pic just for reference, the variables are different). The first question mark is just for the return value (you have to declare that variable and map it in Parameter Mapping).
Please respect the order you have your question marks and its correspondence by 0, 1, 2, ...
For further information you can try to read this:
https://sqlserverrider.wordpress.com/2014/08/31/execute-stored-procedure-with-input-and-output-parameters-and-return-status-in-ssis/
In Mapping you need to do the following:
Parameters: Put the name of the parameter as you named it in the stored procedure.
Variables: Put the name of the variable where you want to store the parameter after the execution.
Param Direction: You have to select Output.
Before the Mapping, you will need to create a variable.

Updating multiple tables with one query

I have a massive database and need a query to update different tables in the database. I believe this should be easy since the column I'm changing is the same in every table. This is what I have so far:
UPDATE a_assets,
client_notes,
client_pending,
client_task,
country,
document_log,
favlists,
favourites,
g_address,
g_climst,
g_dialog,
g_lang,
g_prdmst,
g_secure,
j_alloc,
logger,
passhistory,
portfolios,
prod_metrics_tank,
product_usage_lists,
region,
reasearch_logger,
search_dataphile,
search_esg,
search_rpm,
sql_workout,
universe_source,
user_jurisdications,
user_languages,
user_universe,
work_group_mappings,
work_groups,
spt_docs
set a_assets.planner = ? ,
client_notes.planner = ?,
client_pending.planner = ?,
client_task.planner = ?,
country.planner = ?,
document_log.planner=?,
favlists.planner=?,
favourites.planner=?,
g_address.planner = ?,
g_climst.planner =?,
g_dialog.planner=?,
g_lang.planner=?,
g_prdmst.planner=?,
j_alloc.planner=?,
logger.planner=?,
passhistory.planner=?,
portfolios.planner=?,
prod_metrics_tank.planner=?,
product_usage_lists.planner=?,
region.planner=?,
reasearch_logger.planner=?,
search_dataphile.planner=?,
search_esg.planner=?,
search_rpm.planner=?,
sql_workout.planner=?,
universe_source.planner=?,
user_jurisdications.planner=?,
user_languages.planner=?,
user_universe.planner=?,
work_group_mappings.planner=?,
work_groups.planner=?,
spt_docs.planner=?,
g_secure.planner = ?
where a_assets.planner = ? ,
client_notes.planner = ?,
client_pending.planner = ?,
client_task.planner = ?,
country.planner = ?,
document_log.planner=?,
favlists.planner=?,
favourites.planner=?,
g_address.planner = ?,
g_climst.planner =?,
g_dialog.planner=?,
g_lang.planner=?,
g_prdmst.planner=?,
g_secure.planner = ?,
j_alloc.planner=?,
logger.planner=?,
passhistory.planner=?,
portfolios.planner=?,
prod_metrics_tank.planner=?,
product_usage_lists.planner=?,
region.planner=?,
reasearch_logger.planner=?,
search_dataphile.planner=?,
search_esg.planner=?,
search_rpm.planner=?,
sql_workout.planner=?,
universe_source.planner=?,
user_jurisdications.planner=?,
user_languages.planner=?,
user_universe.planner=?,
work_group_mappings.planner=?,
work_groups.planner=?,
spt_docs.planner=?
I'm not sure why this won't work since all tables are updating their planner column. When this runs I get an: ILLEGAL SYMBOL "token". SOME SYMBOLS THAT MIGHT BE LEGAL ARE: token-list.
What needs to change in the query in order for all the tables to update with the same data?
You can not update more than one table in single update statement.
Update multiple tables in SQL Server using INNER JOIN
Why do you want to update all tables in one statement? Assuming you are using a recent version of LUW you can actually do the update via transition tables and a cte according to:
with t1 (n) as (
    select count(1)
    from new table (
        update a_assets
        set planner = ?
        where planner = ?
    )
)
, t2 (n) as ( ...
)
, ...
, tn (n) as ( ...
)
select n from t1
union all
select n from t2
...
select n from tn
but I suspect that this is not what you want.
I would suggest that you make a procedure that makes a loop over the tables and then uses execute immediate to fire off the statement(s).
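A client-side version of the loop suggested above, as an added example that is not part of the original answers: one parameterized UPDATE per table inside a single transaction. It uses SQLite instead of DB2, only three of the question's tables, and constructed sample data; because table names cannot be bound as `?` parameters, they are checked against a fixed allowlist and the catalog before being placed in the statement.

```python
import sqlite3

# Table names cannot be bound as ? parameters, so they come from a fixed
# allowlist (a few of the question's tables) and are checked against the catalog.
PLANNER_TABLES = ("a_assets", "client_notes", "client_task")

def existing_tables(conn):
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {r[0] for r in rows}

def rename_planner(conn, old, new, tables=PLANNER_TABLES):
    """Run one parameterized UPDATE per table; all succeed or none do."""
    known = existing_tables(conn)
    counts = {}
    with conn:  # commits on success, rolls back if any statement raises
        for table in tables:
            if table not in PLANNER_TABLES or table not in known:
                raise ValueError(f"table not allowed: {table!r}")
            cur = conn.execute(
                f'UPDATE "{table}" SET planner = ? WHERE planner = ?',
                (new, old),
            )
            counts[table] = cur.rowcount
    return counts

def planner_values(conn, table):
    # Read helper; only ever called with names from PLANNER_TABLES.
    sql = f'SELECT planner FROM "{table}" ORDER BY id'
    return [r[0] for r in conn.execute(sql)]

def demo_db():
    # Constructed sample data: two planner codes in every table.
    conn = sqlite3.connect(":memory:")
    for t in PLANNER_TABLES:
        conn.execute(f'CREATE TABLE "{t}" (id INTEGER PRIMARY KEY, planner TEXT)')
        conn.executemany(
            f'INSERT INTO "{t}" (planner) VALUES (?)', [("P001",), ("P002",)]
        )
    conn.commit()
    return conn
```
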

Interpolation and single quoted strings in SQL query

I just started off with databases with SQLite3 and Ruby. I have run into a problem with my Ruby code here.
I want to create code where the user adds another record to the database. Now here is my problem.
User sawa found the solution of my first problem. Thank you!
NEW PROBLEM*
puts "Enter name for the new user"
x = gets.chomp
puts "Enter the type of the user"
y = gets.chomp
$db.execute('insert into customers(id,name,type) values (11,"#{x}","#{y}")')
When I run this code and input the x and y values, it will return in my database #{x} and #{y} and not the values I created.
You're actually going about this all wrong. You shouldn't be using string interpolation for SQL at all, you should be using placeholders and bound variables. The README even includes an example:
# Execute a few inserts
{
  "one" => 1,
  "two" => 2,
}.each do |pair|
  db.execute "insert into numbers values ( ?, ? )", pair
end
and the fine manual even mentions bound variables in the second sentence:
- (Object) execute(sql, bind_vars = [], *args, &block)
Executes the given SQL statement. If additional parameters are given, they are treated as bind variables, and are bound to the placeholders in the query.
So you should be saying this:
$db.execute('insert into customers (id, name, type) values (?, ?, ?)', 11, x, y)
or this:
$db.execute('insert into customers (id, name, type) values (?, ?, ?)', [11, x, y])
As is warned, don't use single quotes. Use double quotes. Expressions in single quotes are not ignored. They are evaluated literally.