what is correct sql statement syntax in PHP? - sql

when I write a sql statement in php, i usualy write it as below
SELECT COUNT(*) FROM catalogsearch_query AS main_table
but I found that some people write sql statement like
SELECT COUNT(*) FROM `catalogsearch_query` AS `main_table`
do I have to use ` ?

You don't have to use backticks. However when you're using reserved keywords as table or field names, then you have to enclose them in backticks for them to work.

From MySql docs:
Database, table, index, column, and alias names are identifiers. An identifier may be quoted or unquoted. If an identifier contains special characters or is a reserved word, you must quote it whenever you refer to it.
We use the backtick ` for quoting.

Related

is "SELECT fieldname, fieldName FROM MY_TABLE;" ever valid for any SQL database?

Do any SQL databases have case-sensitive naming for field names?
What I mean is, in Java you can have two variables ...
String fieldname = "a";
String fieldName = "b";
Are there any SQL databases support that so ...
SELECT fieldname, fieldName FROM MY_TABLE;
... would return two different columns?
I'm asking because I'm building a database utility that has to work for MySQL, H2, PostgreSQL, Oracle, and SQL Server, so I need to know how they all work for a bit of code I'm writing.
In most databases (and in all those you tagged), an unquoted identifier is case-insensitive. Meaning that fieldname and fieldName are the same thing: the database folds them into the default case, which makes them equivalent.
In most databases, you can make an identifier case-sensitive by quoting it. The quoting character varies across databases. In standard SQL, you use double quotes. So "fieldname" and "fieldName" are two different things. Oracle and Postgres follow that standard. SQL Server wants square brackets ([]); MySQL wants backticks.
In a nutshell: in SQL, I would not recommend using case-sensitive identifiers. This makes things more complicated for no value added. In my opinion, snake case style is your best pick in SQL, because upper/lower case are meaningless.
By the SQL standard, SQL identifiers are case-insensitive. So, without escape characters, these refer to the same column:
select fieldname, fieldName
However, you can escape the names and they become distinguishable. The standard SQL escape character is ":
select "fieldname", "fieldName"
But some databases don't support this and have their own.
In Oracle, you can certainly have case-sensitive column names, they just need to be quoted. So this query would return data from three separate columns
SELECT "columnName", "ColumnName", columnName
FROM table
In SQL Server, you can have case-sensitive columns but they need to be enclosed in brackets, i.e.
SELECT [ColumnName], [columnName], [columnname]
FROM table

select using keyword values in SQL

I am trying to do a query in a SQLite database equivalent to this:
SELECT act_unit FROM processes WHERE process='processname'
but using the keyword values, so I can specify the name, which is stored in a variable (I am actually running the query in a Jupyter notebook). I've used successfully the keyword values in insert statements, but I do not know how to do it here. I tried several combinations like this one
SELECT act_unit from processes WHERE process=values,('processname')
but I can't figure out how to do it properly.
From the SQLite documentation: https://www.sqlite.org/lang_keywords.html
It would be SELECT act_unit from processes WHERE process="values",('processname')
If you want to use a keyword as a name, you need to quote it. There
are four ways of quoting keywords in SQLite:
'keyword' A keyword in single quotes is a string literal.
"keyword" A keyword in double-quotes is an identifier.
[keyword] A
keyword enclosed in square brackets is an identifier. This is not
standard SQL. This quoting mechanism is used by MS Access and SQL
Server and is included in SQLite for compatibility.
keyword A
keyword enclosed in grave accents (ASCII code 96) is an identifier.
This is not standard SQL. This quoting mechanism is used by MySQL and
is included in SQLite for compatibility.

Escape table name in SQLite?

I have table named References in SQLite, so I can't target it, it seems. SQLite studio I use to edit databases throws an error.
Is there a way to escape database name?
The query is:
UPDATE References
SET DateTimeLastEdited = datetime('now', 'localtime')
WHERE NewsItemID = old.NewsItemID;
(This is part of the trigger I am making.)
You can escape table names with double quotes:
UPDATE "References" SET DateTimeLastEdited = datetime('now', 'localtime') WHERE NewsItemID = old.NewsItemID;
Depending on what you want to escape, you need to use different delimiters:
If you want to use a keyword as a name, you need to quote it. There
are four ways of quoting keywords in SQLite:
'keyword' A keyword in single quotes is a string literal.
"keyword" A keyword in double-quotes is an identifier.
[keyword] A
keyword enclosed in square brackets is an identifier. This is not
standard SQL. This quoting mechanism is used by MS Access and SQL
Server and is included in SQLite for compatibility.
`keyword` A
keyword enclosed in grave accents (ASCII code 96) is an identifier.
This is not standard SQL. This quoting mechanism is used by MySQL and
is included in SQLite for compatibility.
From SQLite documentation

What does the “&” symbol do in SQL?

What does the “&” symbol do?
select *
from emp
where ename like '&A%';
I infer you are using Oracle RDBMS since EMP.ENAME is from one of the example schemas from Oracle. In Oracle the ampersand "&" can be used as a substitution variable in SQL*Plus (client). See http://oracle-base.com/articles/misc/literals-substitution-variables-and-bind-variables.php#substitution_variables.
99% of the time, you are probably not doing substitution and want a literal ampersand. Such as INSERT INTO sometable VALUES ('Black & Decker'); So you would disable substitution first in SQL*Plus with SET DEFINE OFF.
It doesn't do or mean anything special in SQL string literal. It is just stands for itself; i.e. the ampersand character. So like '&A%' means a string that starts with '&A'.
Apparently (Joshua's answer), the ampersand can have special meaning in Oracle SQLPlus. But that isn't SQL. It is a different language that has SQL syntax embedded in it.

Oracle: Handling a field named COMMENT

I have a table with a field named COMMENT, which appears to be a reserved word.
Using SQLDeveloper, if I try:
select
[COMMENT],
another_field
FROM table_created_by_idiot_developer
I get
SQL Error: ORA-00936: missing expression
How can I access this field in my select in SQL Developer? (Is this a problem with SQL Developer, or should field not be named COMMENT in oracle?)
Try "COMMENT" instead of [COMMENT]. This is alternate syntax commonly accepted by various DBMSes. I have used this syntax to refer to columns having dots or UTF8 characters in their names in SQLite.