What do the `s around table/field names in SQL mean? - sql

Here's an SQL statement that phpMyAdmin generated for me:
SELECT * FROM `table_name` WHERE 1
You can see that table_name is surrounded by ` characters.
Why?

It's used to enclose identifiers in MySQL.
It lets them have characters that would be ambiguous or otherwise invalid in normal SQL, such as a space:
`foo bar` - is a valid MySQL identifier
foo bar - is not, since foo is the identifier, and bar is ambiguous

Its used as to escape/enclose characters, in case of a space or some other illegal character in the table or field name.
From the docs:
If an identifier contains
special characters or is a reserved
word, you must quote it whenever you
refer to it. The set of alphanumeric
characters from the current character
set, “_”, and “$” are not special.
Reserved words are listed at Section
8.3, “Reserved Words”.
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html

Related

Regex to validate if string is valid SQL column name

I am searching a regex to validate if a string could be a valid SQL column name.
I would like to use PCRE syntax.
Up to now I found this:
[\w-]+
But I think this is not enough. I have seen the / too (in SAP).
AFAIK the spec is closed source (you need to pay for it).
From the docs (Python re):
\w
Matches Unicode word characters; this includes most characters that can be part of a word in any language, as well as numbers and the
underscore. If the ASCII flag is used, only [a-zA-Z0-9_] is matched.
How does the regex look like to validate SQL column names?
The string should be able to used like this my_column.
AFAIK reserved words are valid, since you can use them like this:
select * from my_table where "where" = 'here'
"where" is the name of a column. The regex does not need to care for reserved words.
The manual clarifies:
SQL identifiers and key words must begin with a letter (a-z, but also
letters with diacritical marks and non-Latin letters) or an underscore
(_). Subsequent characters in an identifier or key word can be
letters, underscores, digits (0-9), or dollar signs ($). Note that
dollar signs are not allowed in identifiers according to the letter of
the SQL standard, so their use might render applications less
portable. The SQL standard will not define a key word that contains
digits or starts or ends with an underscore, so identifiers of this
form are safe against possible conflict with future extensions of the
standard.
The system uses no more than NAMEDATALEN-1 bytes of an identifier;
longer names can be written in commands, but they will be truncated.
By default, NAMEDATALEN is 64 so the maximum identifier length is 63
bytes. If this limit is problematic, it can be raised by changing the
NAMEDATALEN constant in src/include/pg_config_manual.h.
And:
There is a second kind of identifier: the delimited identifier or
quoted identifier. It is formed by enclosing an arbitrary sequence of
characters in double-quotes ("). [...]
Quoted identifiers can contain any character, except the character
with code zero. (To include a double quote, write two double quotes.)
This allows constructing table or column names that would otherwise
not be possible, such as ones containing spaces or ampersands. The
length limitation still applies.
There is more, you can even use escaped unicode characters like: U&"d\0061t\+000061". Read the whole chapter.
So any character, except the character with code zero is allowed in a valid identifier, once the name is double-quoted. And without double-quotes, even simple strings like 'select' may be invalid if they happen to be reserved words. (The concept of reserved words is an unfortunate one, set by the SQL standard, hard to change now.)
You might just let Postgres do the work, using quote_ident():
SELECT quote_ident('0of') = '0of';
Quotes are added only if necessary.
The expression returns true for valid identifiers. Or just used the result of quote_ident('$identifier') to get a legal name in either case (quoted if necessary).
If we follow the PostgreSQL documentation:
SQL identifiers and key words must begin with a letter (a-z, but also letters with diacritical marks and non-Latin letters) or an underscore (_). Subsequent characters in an identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($). Note that dollar signs are not allowed in identifiers according to the letter of the SQL standard [...]
we could write a regular expression for identifiers like this:
^([[:alpha:]_][[:alnum:]_]*|("[^"]*")+)$
The second branch of the regular expression takes care of quoted identifiers.

Is it possible to have a % symbol in my column name?

I'm trying to add a new column to an existing table, but when I try to create this column name I'm getting an invalid character error.
SQL Error: ORA-00911: invalid character
00911. 00000 - "invalid character"
*Cause: identifiers may not start with any ASCII character other than
letters and numbers. $#_ are also allowed after the first
character. Identifiers enclosed by doublequotes may contain
any character other than a doublequote. Alternative quotes
(q'#...#') cannot use spaces, tabs, or carriage returns as
delimiters. For all other contexts, consult the SQL Language
Reference Manual.
This is my code:
Alter Table Calculations
Add WEIGHTED_% Number;
What am I doing wrong?
I really don't recommend using the % symbol in you name I would recommend typing Percent instead. But as the error says you must en-capsule you column name in double quotes.
Alter Table Calculations Add "WEIGHTED_%" Number;
Not sure then it would still work because % is a reserved character for Doing like query and including them in exposed query is considered a vulnerability because it allows SQL injection.
Yes. Possible. Use double code for column name. Check the attached screen shot.
But it's not good to use % in the column name. Not recommended.

Can someone help point out to me what is wrong with this no brainer WHERE clause?

This is very simple but somehow I'm doing something wrong with this query on my database.
I have this query below:
SELECT login FROM accounts WHERE login = "loginname";
When I execute this query the result I get is this:
column "loginname" does not exist
This is a no brainer, why is this query not working properly? I have a login column and I know that this user exists because I've found this person with the rails console. Why is the login criteria referring to itself as a column?
Try with single quotes '' if you are trying to match a string
SELECT login FROM accounts WHERE login = 'loginname';
Check the documentation
There is a second kind of identifier: the delimited identifier or
quoted identifier. It is formed by enclosing an arbitrary sequence of
characters in double-quotes ("). A delimited identifier is always an
identifier, never a key word. So "select" could be used to refer to a
column or table named "select", whereas an unquoted select would be
taken as a key word and would therefore provoke a parse error when
used where a table or column name is expected.
Double quotes (") are used to refer to object names, in a case sensitive way. In this case, "loginname" is interpreted as a column name, and the query fails, since there is no such column. In order to refer to a string literal, you should use single quotes ('):
SELECT login FROM accounts WHERE login = 'loginname';
-- Here ---------------------------------^---------^
It seems that the " " are the problem if you believe the documentation. Single quotes are required for string values.
From the PostgreSQL Documentation:
There is a second kind of identifier: the delimited identifier or quoted identifier. It is formed by enclosing an arbitrary sequence of characters in double-quotes ("). A delimited identifier is always an identifier, never a key word. So "select" could be used to refer to a column or table named "select", whereas an unquoted select would be taken as a key word and would therefore provoke a parse error when used where a table or column name is expected. The example can be written with quoted identifiers like this:
UPDATE "my_table" SET "a" = 5;
Quoted identifiers can contain any character, except the character with code zero. (To include a double quote, write two double quotes.) This allows constructing table or column names that would otherwise not be possible, such as ones containing spaces or ampersands. The length limitation still applies.
So in your query "loginname" is the same as having loginname without quotes - it's attempting to refer to a column with that name. To make it a literal string, use single-quotes instead.

set alias Name for Table visually

I want set a second name for my tables which is not in English letter. and when I want insert Table Name to a Table as a record, I use its alias name.
I know in each query we can use as to set second name, but I don't want do it by this way. I want set it as a property of a table.
Also please tell me how can I access to this property (alias name) in query?
I found this article, but I didn't found the alias field.
You can do that with a view:
CREATE VIEW EasyName
AS
SELECT * FROM LongComplicatedTableName
So long as the view only represents one table underneath, you can use all CRUD operations on the view.
According to MSDN, the naming restrictions for table names is as follows:
The first character must be one of the following:
A letter as defined by the Unicode Standard 2.0. The Unicode definition of letters includes Latin characters from a through z and
from A through Z, in addition to letter characters from other
languages.
The underscore (_), "at" sign (#), or number sign (#). Certain symbols at the beginning of an identifier have special meaning in SQL
Server. An identifier beginning with the "at" sign denotes a local
variable or parameter. An identifier beginning with a number sign
denotes a temporary table or procedure. An identifier beginning with
double number signs (##) denotes a global temporary object.
Some Transact-SQL functions have names that start with
double at signs (##). To avoid confusion with these functions, it is
recommended that you do not use names that start with ##.
Subsequent characters can be:
Letters as defined in the Unicode Standard 2.0.
Decimal numbers from either Basic Latin or other national scripts.
The "at" sign, dollar sign ($), number sign, or underscore.
The identifier must not be a Transact-SQL reserved word. SQL Server reserves both the uppercase and lowercase versions of reserved words.
Embedded spaces or special characters are not allowed.
Supplementary characters are not allowed.
When used in Transact-SQL statements, identifiers that fail to comply
with these rules must be delimited by double quotation marks or
brackets.

SQL Server - Invalid characters in parameter names

I need to know what are the valid characters to use in a SQL parameter name.
Given something simple like SELECT * FROM tblTest WHERE testid = #[X], if X contains a hyphen, for instance, the statement will fail. What are the valid characters for parameter names?
Search for "Identifiers" in your SQL Books online, and you should find:
Rules for Regular Identifiers
The rules for the format of regular identifiers depend on the database
compatibility level. This level can be set by using sp_dbcmptlevel.
When the compatibility level is 90, the following rules apply:
The first character must be one of the following:
A letter as defined by the Unicode Standard 3.2. The Unicode definition of letters includes Latin characters from a through z,
from A through Z, and also letter characters from other languages.
The underscore (_), at sign (#), or number sign (#).
Certain symbols at the beginning of an identifier have special
meaning in SQL Server. A regular identifier that starts with the at
sign always denotes a local variable or parameter and cannot be used
as the name of any other type of object. An identifier that starts
with a number sign denotes a temporary table or procedure. An
identifier that starts with double number signs (##) denotes a global
temporary object. Although the number sign or double number sign
characters can be used to begin the names of other types of objects,
we do not recommend this practice.
Some Transact-SQL functions have names that start with double at signs
(##). To avoid confusion with these functions, you should not use
names that start with ##.
Subsequent characters can include the following:
Letters as defined in the Unicode Standard 3.2.
Decimal numbers from either Basic Latin or other national scripts.
The at sign, dollar sign ($), number sign, or underscore.
The identifier must not be a Transact-SQL reserved word. SQL Server
reserves both the uppercase and lowercase versions of reserved words.
Embedded spaces or special characters are not allowed. Supplementary
characters are not allowed.
Search for "delimited identifiers" in your SQL Books online, and you should find:
The body of the identifier can contain
any combination of characters in the
current code page, except the
delimiting characters themselves. For
example, delimited identifiers can
contain spaces, any characters valid
for regular identifiers, and any one
of the following characters.
tilde (~) hyphen (-)
exclamation point (!) left brace ({)
percent (%) right brace (})
caret (^) apostrophe (')
ampersand (&) period (.)
left parenthesis (() backslash (\)
right parenthesis ()) accent grave (`)
Marc
Search Books Online for identifiers [SQL Server]. It has the rules that parameter names must follow. (this was the SQL Server 2008 search), other versions should be a similar search