Using node-postgres, the following snippet works fine:
let shift_solutions = function (ufrom, uto) {
let cmd = 'update solutions set "user" = \''+uto+'\' where "user" = \''+ufrom+'\''
client.query( cmd, null, function (err,rslt) {
... works
but the if I change the above to:
client.query('update solutions set "user" = %2 where "user" = %1',
[ufrom,uto],
function (err,rslt) {
... fails
yields - Unhandled rejection error: syntax error at or near "%".
I suspect it might have something to do with the fact that the user field is of type 'uuid', but don't really have a clue tbh. The parameters are supplied as strings:
[ '8e479385-5692-4acc-8dd7-4630480bd17f',
'0cc0832e-1f01-40a9-aaa4-30ae8e56d708' ]
Anybody able to shed some light on what I am doing wrong here? Thanks.
Use the dollar sign for your parameters ie
client.query('update solutions set "user" = $2 where "user" = $1'
Related
Is there a way to check if pg_prepare already executed and remove it from the session?
Seems like pg_close doesn't remove prepared statement from the session. Kind of seems like a bug in php, but maybe I'm missing something or maybe there is a workaround.
public static function readSubdomains($dcName, $filter = null) {
// ...
$conn = pg_pconnect($connectionString);
// ...
$result = pg_prepare($conn, "subdomains", "SELECT subdomain
from tenants
where $where
order by 1 asc
");
$result = pg_execute($conn, "subdomains", $params);
// ...
pg_close($conn);
}
Second call to readSubdomains shows a warning like this:
Warning: pg_prepare(): Query failed: ERROR: prepared expression "subdomains" already exists in inc/TestHelper.php on line 121
Always check the official manuals for this sort of stuff.
https://www.postgresql.org/docs/current/view-pg-prepared-statements.html
Oh - if pg_close isn't dropping prepared statements then it isn't closing the connection. You might have some connection pooling involved.
Can you please help me on below query?
php code://
$countdate='2017-01-03';
$countsql='SELECT rucid,"databaseType","countLoggedOn","prodCount","nprodCount","countType" FROM "ru_countLog" WHERE "countLoggedOn"=$countdate';
--> It's giving syntax error
syntax error at or near "$" LINE 1: ...untType" FROM "ru_countLog"
WHERE "countLoggedOn"=$countdate
Remove the internal double quotes from your query:
$countsql = "SELECT rucid, databaseType, countLoggedOn,
prodCount, nprodCount, countType
FROM ru_countLog
WHERE countLoggedOn = $countdate";
Note that this query is vulnerable to SQL injection. Consider parametrizing $countdate. With http://php.net/manual/en/function.pg-query-params.php, this would become
$countsql = 'SELECT rucid, databaseType, countLoggedOn,
prodCount, nprodCount, countType
FROM ru_countLog
WHERE countLoggedOn = $1';
$result = pg_query_params($dbconn, $countsql, array($countdate));
where $dbconn is your database connection
Maybe you should try like this
$countdate='2017-01-03';
$countsql='SELECT rucid,"databaseType","countLoggedOn","prodCount","nprodCount","countType" FROM "ru_countLog" WHERE "countLoggedOn"='.$countdate;
Hope this help
I am developing an application using Dashdb on Bluemix and nodered, my PHP application uses the call to webservice to invoke the node-red, whenever my function on PHP invokes the node to insert on table and the field GEO_ID is null, the application fails, I understand the issue, it seems the third parameter was not informed, I have just tried to check the param before and passing something like NULL but it continues not working.
See the code:
msg.account_id = msg.req.query.account_id;
msg.user_id = msg.req.query.user_id;
msg.geo_id=msg.req.query.geo_id;
msg.payload = "INSERT INTO ACCOUNT_USER (ACCOUNT_ID, USER_ID, GEO_ID) VALUES (?,?,?) ";
return msg;
And on Dashdb component I have set the parameter as below:
msg.account_id,msg.user_id,msg.geo_id
The third geo_id is the issue, I have tried something like the code below:
if(msg.req.query.geo_id===null){msg.geo_id=null}
or
if(msg.req.query.geo_id===null){msg.geo_id="null"}
The error I got is the one below:
dashDB query node: Error: [IBM][CLI Driver][DB2/LINUXX8664] SQL0420N Invalid character found in a character string argument of the function "DECIMAL". SQLSTATE=22018
I really appreciate if someone could help me on it .
Thanks,
Eduardo Diogo Garcia
Is it possible that msg.req.query.geo_id is set to an empty string?
In that case neither if statement above would get executed, and you would be trying to insert an empty string into a DECIMAL column. Maybe try something like this:
if (! msg.req.query.geo_id || msg.req.query.geo_id == '') {
msg.geo_id = null;
}
<?php
$link = mysqli_connect('localhost','root','root');
$link->query('CREATE DATABASE IF NOT EXISTS users');
$link->Select_db('users');
$sql='SELECT id FROM users WHERE email = '.$useremail.' AND username = '.$username;
$results = $link->query($sql);
$numrows = $results->num_rows;
if ($numrows == 1) {
#update user information
} else {
#failed to update
}
?>
It only works part of the time, and i'm not able to nail down an error from it one way or the other. I can confirm that the error pops up on the $numrows=$results->num_rows; line, but as for why, i'm lost. Occasionally it will work as intended, so any and all advice on what i can do to fix it, or at least helping me understand it better is greatly appreciated. Thanks!
Use Double Quotation for query and varchar/string pass with single quotation
$sql="SELECT id FROM users WHERE email = '".$useremail."' AND username = '".$username."'";
$results = $link->query($sql);
$numrows = $results->num_rows();
The reason that your call to num_rows generated an error is that your query had an error, and query() returned false instead of a valid result resource. Because it's a fatal error to try to call a method on a false value, you should always check the return value of query() before using it. Example:
if (!($result = $link->query($sql))) {
die($link->error);
}
Problems with your query:
You create a database named users and make that the default database, then you run a SELECT query from a table named users. There would be no tables in a database you have just created. In SQL, we use SELECT against tables, not databases (these are two different things, analogous to files contained in a directory on a filesystem).
You don't quote the string arguments in your SQL statement. For example, this SQL would be an error:
SELECT id FROM users WHERE email = bill#example.com AND username = bill
It should be this instead:
SELECT id FROM users WHERE email = 'bill#example.com' AND username = 'bill'
I know the quotes get confusing, because you have PHP string quotes and then SQL string quotes, but here are several ways of accomplishing it:
$sql='SELECT id FROM users WHERE email = \''.$useremail.'\' AND username = \''.$username.'\'';
$sql="SELECT id FROM users WHERE email = '".$useremail."' AND username = '".$username."'";
$sql="SELECT id FROM users WHERE email = '{$useremail}' AND username = '{$username}'";
I'm not sure if you have protected your PHP variables appropriately. You must never interpolate PHP variables into SQL strings unless you have escaped the content of the variables.
$useremail_esc = $link->real_escape_string($useremail);
$username_esc = $link->real_escape_string($username);
$sql="SELECT id FROM users WHERE email = '{$useremail_esc}' AND username = '{$username_esc}'";
But it would be better to use prepared statements with parameter placeholders. This is easier to use than escaping variables, and it's more reliable. Here's an example:
$sql="SELECT id FROM users WHERE email = ? AND username = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("ss", $useremail, $username);
$stmt->execute();
$result = $stmt->get_result();
Notice that you don't use escaping when you use parameters, and you don't put SQL quotes around the ? placeholders.
I have this piece of code which works 90% of the time:
$user_details=$fb->api_client->users_getInfo($fb_user, array('last_name','first_name','proxied_email'));
$firstName=$user_details[0]['first_name'];
But sometimes I get this error:
Fatal error: Cannot use string offset as an array for line
$firstName=$user_details[0]['first_name'];
I have read several people report the same issue - but I'm still not clear as to what is the reason - Am I getting this error because facebook is not returning any results or am I getting because it is returning only a single array instead of array of arrays.
This is the fix I'm thinking of:
if (!is_array($user_details)) {
$firstName='';
}
else
{
$firstName = ($user_details[0]) ? $user_details[0]['first_name'] : $user_details['first_name'];
}
Also if I'm not getting the name - is it because of a timeout issue or something else?
Thanks
$user_details=$fb->api_client->users_getInfo($fb_user, array('last_name','first_name','proxied_email'));
if (!is_array($user_details)) {
$firstName='';
$lastName='';
}
else
{
$firstName = ($user_details[0]) ? $user_details[0]['first_name'] : $user_details['first_name'];
$lastName = ($user_details[0]) ? $user_details[0]['last_name'] : $user_details['last_name'];
}
Just modify your php.ini and set parameter or add:
magic_quotes_gpc = Off