Yii2 prepared statements fail to evaluate parameters wrapped in quotes - postgresql

$params = [
':x1' => $locationBox['leftLongitude'],
':y1' => $locationBox['topLatitude'],
':x2' => $locationBox['rightLongitude'],
':y2' => $locationBox['topLatitude'],
':x3' => $locationBox['rightLongitude'],
':y3' => $locationBox['bottomLatitude'],
':x4' => $locationBox['leftLongitude'],
':y4' => $locationBox['bottomLatitude'],
':x5' => $locationBox['leftLongitude'],
':y5' => $locationBox['topLatitude']
];
$sql = "
....
INNER JOIN tag_geo T3 ON (T3.id = T2.tag_id_b AND ST_Covers(ST_GeogFromText('POLYGON((:x1 :y1, :x2 :y2, :x3 :y3, :x4 :y4, :x5 :y5))'), T3.geo_location));
";
$connection = \Yii::$app->getDb();
$command = $connection->createCommand($sql);
$command->bindValues($params);
$result = $command->queryAll();
I get an error:
SQLSTATE[HY093]: Invalid parameter number: :x1 Failed to prepare SQL
Notice single tick ('POLYGON), if I remove the ticks that wrap the POLYGON function the parameters get evaluated but another error occurred, since this POLYGON must be in single quotes.

Because of the single quotes around POLYGON function, the polygon part is recognized by the db engine as it is, e.g. as the string POLYGON((:x1 :y1, :x2 :y2, :x3 :y3, :x4 :y4, :x5 :y5)). So you should implement only one marker (:polygon) in the sql statement istead:
<?php
$sql = "
....
INNER JOIN tag_geo T3 ON (T3.id = T2.tag_id_b AND ST_Covers(ST_GeogFromText(:polygon), T3.geo_location));
";
$params = [
":poligon" => sprintf( // Output: POLYGON((x1-value y1-value, x2-value y2-value, ...))
"POLYGON((%s %s, %s %s, %s %s, %s %s, %s %s))"
, $locationBox['leftLongitude']
, $locationBox['topLatitude']
, $locationBox['rightLongitude']
, $locationBox['topLatitude']
, $locationBox['rightLongitude']
, $locationBox['bottomLatitude']
, $locationBox['leftLongitude']
, $locationBox['bottomLatitude']
, $locationBox['leftLongitude']
, $locationBox['topLatitude']
)
];
//...
Of course, if it still doesn't work use question mark markers (?) instead.
This situation is similar with the one where one tries to prepare an sql statement which uses the LIKE keyword. An example here: Syntax of LIKE in PreparedStatement.

Related

DBIx::Class update Inflate column with function

I tried to emulate this SQL in DBIx::Class against the update_or_new function.
UPDATE user SET lastseen = GREATEST( lastseen, ?::timestamp ) WHERE userid = ?
It gives an error on inflate column saying it is unable to invoke is_infinity on undef .
$schema->resultset('user')->update_or_new( {
userid => 'peter',
lastseen => \[ 'GREATEST( lastseen, ?::timestamp )', DateTime->from_epoch(epoch => 1234) ]
} );
I guess this is because the InflateColumn::DataTime does not expect a function there. Is there any clean workaround for this issue?
This is a bug in DBIx::Class ( addressed here: https://github.com/dbsrgits/dbix-class/pull/44 ) and the fix is merged. It should be fine on the next release.
That said, if you're using DBIx::Class <= 0.08270...
You're using update_or_new, but the function only makes sense if the row exists already:
GREATEST( lastseen, ?::timestamp ) lastseen is undefined if the row doesn't exist yet.
I read through the source+docs a bunch and cannot find a way to sidestep the InflateColumn code and still have bind values. You can pass in literal SQL with a scalar ref ( \'NOW()' ) but not an array ref.
Your best bet would be to use the ResultSet's update method instead, which does not 'process/deflate any of the values passed in. This is unlike the corresponding "update" in DBIx::Class::Row.'
my $dtf = $schema->storage->datetime_parser; #https://metacpan.org/pod/DBIx::Class::Storage::DBI#datetime_parser
my $user_rs = $schema->resultset('User')->search({ userid => 'peter' });
my $dt = DateTime->from_epoch(epoch => 1234);
#select count(*) where userid = 'peter';
if( $user_rs->count ) {
$user_rs->update(
lastseen => \[ 'GREATEST( lastseen, ? )', $dtf->format_datetime($dt) ]
);
} else {
$user_rs->create({ lastseen => $dt });
}

How do i pass a variable for the query in a get Manager call?

I am trying to make a simple Rose DB call:
$id = xyz;
$name = "company";
DataB::testTable::Manager->get_testTable( query =>[ id => $id, name => $name ] );
in it possible to not have the whole query written every time, and declare it like a string variable such that i can just call
DataB::testTable::Manager->get_testTable( query =>[ $query ] );
where $query = qq { id => $id , name => $name };
Please Help
By what I understood from your question, I am giving this answer.
Try this one.
my $myquery = {query =>{ id=>$id, name=>$name }} ;
TGI::testTable::Manager->get_testTable($myquery);
Hope, this gives some idea to you.
Edit for "Hash with Array reference":
my $myquery = [ id=>$id, name=>$name ] ;
TGI::testTable::Manager->get_testTable(query => $myquery);
check out this : How to pass a a string variable as "query" for get Manager call?
Well actually i figured out how to do that . Its not that complicated. Only thing is RoseDB objects expect an array reference for a query. So something like this works :
my #query = ( id => $id, name => $name );
testDB::testTable::Manager->get_testTable( query => \#query );
Just thought would answer it myself, incase someonelse is looking for a solution to this

Zend Framework - Issue with delete from database code

In my Application_Model_DbTable_User, I have the following function:
public function deleteUser($username)
{
$this->delete('username = ' . (string) $username);
}
This function is being called from my AdminController, with this three lines of code.
$uname = $this->getRequest()->getParam('username');
$user = new Application_Model_DbTable_User();
$user->deleteUser($uname);
This error however, turns up.
Column not found: 1054 Unknown column 'test' in 'where clause'
With test being the user I am trying to delete.
This code is adapted from a previous code which deletes based on id, a INT field, which works perfectly fine. What am I doing wrong? I would be happy to give more detailed codes if needed. Thanks.
Your query isn't quoted:
$this->delete('username = ' . (string) $username);
This equates to:
WHERE username = test
If you use the where() method, it will do this for you:
$table->where('username = ?', $username);
Or (like the example in the docs):
$where = $table->getAdapter()->quoteInto('bug_id = ?', 1235);
$table->delete($where);

Which Perl module should I use to generate a validating CRUD webform?

Has anyone successfully used something like DBIx::Class::WebForm or CatalystX-CRUD to automagically build a self-validating webform from a database table?
I'm imagining a module that reads a database table schema, reads the constraints for each column, and generates some abstract representation of a webform, with fields for error messages, etc. I'm using Catalyst and Plack with a big existing codebase.
I don't want to code up an HTML webform, nor any validation logic. I'm aiming to write as little code as possible, in the style of Ruby on Rails. Which Perl module is best for this?
UPDATE: I've solved the webform side with HTML::FormFu, but it's still clunky mapping the form inputs onto the database, e.g. date_start and date_end both relate to the 'created' column, and comment should match using 'LIKE %foo%', etc. Where's the 'DBICFu'?
UPDATE: This is for a web application, the webform should not look like a database table. I'm not looking for a database management tool.
You can use use HTML::FormHandler::Moose and HTML::FormHandler::Model::DBIC and get some nice forms.
As a simple example:
The form definition:
package MyStats::Form::Datetime ;
use HTML::FormHandler::Moose ;
extends 'HTML::FormHandler::Model::DBIC' ;
use Date::Calc qw(Today_and_Now) ;
has_field 'datetimeid' => ( label => 'ID' ) ;
has_field 'datetime' => ( type => 'Text',
apply => [ { transform => \&transform_dt } ] ,
deflation => \&deflation_dt ,
required => 1 ) ;
has_field 'submit' => ( type => 'Submit' ,
value => 'Speichern' ) ;
# These are the fields of the table datetime
sub transform_dt {
my ( $dt ) = #_ ;
my #d = ( $dt =~ m/(\d{1,2})\.(\d{1,2})\.(\d{4})\s+(\d{1,2}):(\d{1,2})/ ) ;
return sprintf( '%04d-%02d-%02d %02d:%02d:00' , #d[2,1,0,3,4] ) ;
}
sub deflation_dt {
my ( $dt ) = #_ ;
my #d = ( $dt =~ m/(\d{4})-(\d{2})-(\d{2})\s+(\d{1,2}):(\d{1,2})/ ) ;
if( ! #d ) {
#d = Today_and_Now() ;
}
return sprintf( '%02d.%02d.%04d %02d:%02d:00' , #d[2,1,0,3,4] ) ;
}
1 ;
And the usage in a controller:
package MyStats::Controller::Datetime ;
use Moose ;
use namespace::autoclean ;
BEGIN { extends 'Catalyst::Controller' ; }
use MyStats::Form::Datetime ;
has 'form' => ( isa => 'MyStats::Form::Datetime' ,
is => 'rw' ,
lazy => 1 ,
default => \&new_datetime_form ) ;
sub new_datetime_form {
MyStats::Form::Datetime->new( css_class => 'datetimeform' ,
name => 'datetimeform' ) ;
}
...
sub add :Local :Args(0) {
my ( $self , $ctx ) = #_ ;
my $data = $ctx->model( 'MyStatsDB::Datetime' )->new_result( {} ) ;
$ctx->stash( template => 'datetime/add.tt2' ,
form => $self->form ) ;
$ctx->bread_crumb( { name => 'Datum/Zeit eingeben' ,
location => '/datetime/add' } ) ;
$ctx->req->param( 'datetimeid' , undef ) if $ctx->req->param( 'datetimeid' ) ;
return unless $self->form->process( item => $data ,
params => $ctx->req->params ) ;
$ctx->flash( message => 'Neuer Datensatz ' . $data->datetimeid .
' angelegt.' ,
id_add => $data->datetimeid ) ;
$ctx->res->redirect( $ctx->uri_for( '/datetime' ) ) ;
}
...
__PACKAGE__->meta->make_immutable ;
1 ;
Works good.
I've used HTML::FormHandler to generate forms for me in this fashion. It needs some tweaking, but it does 90% of the work for you. Separately DBIx::Class offers a similar tool.
There are a number of crud options on the Catalyst wiki.
It sounds like AutoCrud would fit your needs.

Zend_Db_Profiler not logging db connection time?

Following the sample code on http://framework.zend.com/manual/en/zend.db.profiler.html I have set up db profiling of my Zend Framework app.
application.ini:
db.profiler.enabled = true
View Helper:
$totalTime = $profiler->getTotalElapsedSecs();
$queryCount = $profiler->getTotalNumQueries();
$longestTime = 0;
$longestQuery = null;
foreach ($profiler->getQueryProfiles() as $query) {
if ($query->getElapsedSecs() > $longestTime) {
$longestTime = $query->getElapsedSecs();
$longestQuery = $query->getQuery();
}
}
echo 'Executed ' . $queryCount . ' queries in ' . $totalTime . ' seconds' . "\n";
echo 'Average query length: ' . $totalTime / $queryCount . ' seconds' . "\n";
echo 'Queries per second: ' . $queryCount / $totalTime . "\n";
echo 'Longest query length: ' . $longestTime . "\n";
echo "Longest query: \n" . $longestQuery . "\n";
It works fine for select/insert/update/delete queries.
But I cannot find anyway to get the profiler to show the time taken to initiate the actual db connection, despite the documenation implying that it does log this.
I suspect that Zend_Db simply does not log the connection to the db with the profiler.
Does anyone know what is going on here?
I am using the Oracle database adapter, and ZF 1.10.1
UPDATE:
I understand it is possible to filter the profiler output, such that it will only show certain query types, e.g. select/insert/update. There also appears to be an option to filter just the connection records:
$profiler->setFilterQueryType(Zend_Db_Profiler::CONNECT);
However, my problem is that the profiler is not logging the connections to begin with, so this filter does nothing.
I know this for a fact, because if I print the profiler object, it contains data for many different queries - but no data for the connection queries:
print_r($profiler);
//output
Zend_Db_Profiler Object
(
[_queryProfiles:protected] => Array
(
[0] => Zend_Db_Profiler_Query Object
(
[_query:protected] => select * from table1
[_queryType:protected] => 32
[_startedMicrotime:protected] => 1268104035.3465
[_endedMicrotime:protected] => 1268104035.3855
[_boundParams:protected] => Array
(
)
)
[1] => Zend_Db_Profiler_Query Object
(
[_query:protected] => select * from table2
[_queryType:protected] => 32
[_startedMicrotime:protected] => 1268104035.3882
[_endedMicrotime:protected] => 1268104035.419
[_boundParams:protected] => Array
(
)
)
)
[_enabled:protected] => 1
[_filterElapsedSecs:protected] =>
[_filterTypes:protected] =>
)
Am I doing something wrong - or has logging of connections just not been added to Zend Framework yet?
The profiler 'bundles' connection and other operations in with the general queries.
There's three ways you might examine the connection specifically:
Set a filter on the profiler during setup:
$profiler->setFilterQueryType(**Zend_Db_Profiler::CONNECT**);
Then the resultant profiles will only include 'connect' operations.
Specify a query type when you retrieve the Query Profiles:
$profiles = $profiler->getQueryProfiles(**Zend_Db_Profiler::CONNECT**);
Examine the query objects directly during the iteration:
foreach($profiler->getQueryProfiles() as $query) {
if ($query->getQueryType() == Zend_Db_Profiler::CONNECT &&
$query->getElapsedSecs() > $longestConnectionTime) {
$longestConnectionTime = $query->getElapsedSecs();
}
}
You'll not find great detail in there, it's logged just as a 'connect' operation along with the time taken.