$myq = sprintf("select user from table where user='%s'", $_POST["user"]);
I would like to know if the above query can be exploited using SQL injection. Is there any advanced SQL injection technique that could break sprintf for this particular query?
...
I'm trying to diagnose why a particular query is slow against SQLite. There seems to be plenty of information on how the query optimizer works, but scant information on how to actually diagnose issues.
In particular, when I analyze the database I get the expected sqlite_stat1 table, but I don't know what the stat column is telling me. A...
I want to use an infinite WHILE loop in SQL Server 2005 and use the BREAK keyword to exit from it on a certain condition.
while true does not work, so I have to use while 1=1.
Is there a better way to organize an infinite loop?
I know that I can use goto, but while 1=1 begin .. end looks better structurally.
...
I can read and write an Excel XLS file from Microsoft SQL. However, I need to force Excel to a recalculation before the read. How can I do that from T-SQL? Is the only way a .Net wrapper on a 3rd party library?
...
I have two tables, A and B, that have the same structure (about 30+ fields). Is there a short, elegant way to join these tables and only select rows where one or more columns differ? I could certainly write some script that creates the query with all the column names but maybe there is an SQL-only solution.
To put it another way: Is the...
I am using DB2 v9 on LUW.
I have a column defined like this:
"ID" BIGINT NOT NULL GENERATED BY DEFAULT
AS IDENTITY (START WITH 1, INCREMENT BY 1, CACHE 20,
NO MINVALUE, NO MAXVALUE, NO CYCLE, NO ORDER),
I would like to know the best way to determine what the next value will be for the ID column next time a record is inser...
I have a SQLite DB that has people LastName, FirstName, Department and I need to make a query that shows me any people with the same First & Last Names. I've found the following statement that supposedly does what I want for a single field, however it doesn't seem to work for me when I try to use it to pull all records with just the last...
I am using C# and developing a winform application. I have a project class which has the project attributes.
The constructor of the project class is as follows:
newProject = new Project(GCD_ID.IsNull() ? (int?)null : Convert.ToInt32(GCD_ID), txt_Proj_Desc.Text, txt_Prop_Name.Text, ST.ID.ToString().IsNull() ? null: ST.ID.ToString(), cmb...
If I create a table with datetime default getdate() field that is intended to keep date&time of record insertion, which name is better to use for that field?
I like to use Created and I've seen people use DateCreated or CreateDate.
Other possible candidates that I can think of are: CreatedDate, CreateTime, TimeCreated, CreateDateTime,...
I have data in 2 tables, and I want to create a report.
Table A:
tableAID (primary key)
name
Table B:
tableBID (primary key)
grade
tableAID (foreign key, references Table A)
There is much more to both tables, but those are the relevant columns.
The query I want to run, conceptually, is this:
select TableA.name, avg(TableB.gr...
For some unknown reason I'm running into a problem where passing a variable to a full-text search stored procedure performs many times slower than executing the same statement with a constant value. Any idea why and how that can be avoided?
This executes very fast:
SELECT * FROM table
WHERE CONTAINS (comments, '123')
This executes ver...
A fellow developer changed all the values in the userid column of table map. I need them changed back, because userid is also a key in the profiles table. Thankfully, for reasons that aren't worth going into, map and profiles share another column in common, employeeId.
So I'd like to take all the values for userid as found in profiles...
I would like to do like:
SELECT
mat.idmat AS mat,
$P{mylist}.indexOf(mat.idmat) AS myorder,
...
FROM
...
WHERE
...
ORDER BY myorder
In this SQL I have a list that indexes the position of each element, so I want to order using the list
...
For example,
select * from x where crc=CRC32('Hi')
Does the CRC32 function get run for every row it checks? If so, how could I optimize it?
...
Any suggestions on whether fewer check constraints are better, or more? How should they be grouped if at all?
Suppose I have 3 columns which are VARCHAR2(1 BYTE), each of which is a 'T'/'F' flag. I want to add a check constraint to each column specifying that only characters IN ('T', 'F') are allowed.
Should I have 3 separate check c...
I need a way to store an int for N columns. Basically what I have is this:
Armies:
ArmyID - UINT
UnitCount1 - UINT
UnitCount2 - UINT
UnitCount3 - UINT
UnitCount4 - UINT
...
I can't possibly add a column for each and every unit, so I need a fast way to store the number of each unit in an army (you might have guessed it's for a game b...
I'm trying to migrate a site from a Joomla system to Drupal. The problem is that Drupal needs filename and sourcepath in the same row, but Joomla only has filename. I'm looking for a way to add sourcepath before the filename in all the rows in that column.
I'm figuring it's the UPDATE statement that I should use, but I can't figure out...
Hello,
In MySQL I have a table called "meanings" with three columns:
"person" (int),
"word" (byte, 16 possible values)
"meaning" (byte, 26 possible values).
A person assigns one or more meanings to each word:
person word meaning
-------------------
1 1 4
1 2 19
1 2 7 <-- Note: second meaning for word 2
1 ...
Using a SELECT statement in MS SQL 2005 TSQL, and no source table, just variables as listed below...
@FirstName varchar(20)
@LastName varchar(20)
@ZipCode varchar(5)
...what syntax will build XML resembling the following?
<XMLDATA><REC FirstName="JOHN" LastName="SMITH" ZipCode="98052" /></XMLDATA>
...
I was inspired by the good answers from my previous question about SQL.
Now this SQL is run on a DB with Interbase 2009. It is about 21 GB in size.
SELECT DistanceAsMeters, AddrDistance.Bold_Id, AddrDistance.Created, AddressFrom.CityName_CO as FromCity, AddressTo.CityName_CO as ToCity
FROM AddrDistance
LEFT JOIN Address AddressFrom ON A...