For my UPDATE statement on PostgreSQL (from Perl via DBI and DBD::Pg) I want to bind a value like this:
my $sql = 'UPDATE mytable SET foo = % WHERE id = 42';
my $foo_value = 23;
$dbh->do($sql, {}, $foo_value);
This gives the following error in the do() line:
DBD::Pg::db do failed: called with 1 bind variable when 0 are needed at...
I tried other syntaxes for placeholders, $1 and ?. Both fail with
DBD::Pg::db do failed: ERROR: invalid input syntax for type numeric: "" at...
What is the correct syntax?
The ? character is the correct placeholder.
my $sql = 'UPDATE mytable SET foo = ? WHERE id = 42';
my $foo_value = 23;
$dbh->do($sql, undef, $foo_value);
Related
I am getting an Error in my PostgreSQL query as
ERROR: invalid input syntax for type timestamp:
I am setting the value using \set.
\set dueDateEarliest '2018-04-01'
\set dueDateLatest '2018-08-01'
\set dueDateLatest '2018-08-01'
And trying to use these value in my query as below
SELECT DISTINCT(bu.id) as "user_id",c.organization_name as "name",round(i.balance,2) as "amount_due",i.id as "invoice_number",i.due_date as "due_date",CONCAT('collectionMonth', LPAD(cf2.content,2,'0')) as "collection_date" FROM base_user bu,contact c,contact_field cf, invoice i, contact_field cf2 WHERE bu.id = c.user_id AND bu.deleted = 0 AND cf.contact_id = c.id AND cf.type_id = 7 AND cf.content = 'DD' AND i.user_id = bu.id AND i.balance > 0 AND i.is_review != 1 AND i.deleted != 1 AND due_date BETWEEN 'dueDateEarliest' AND 'dueDateLatest' AND cf2.contact_id = c.id AND cf2.type_id = 8 ORDER BY bu.id limit 20;
This is giving error as
ERROR: invalid input syntax for type timestamp:
I am not getting any way to fix it.
And moreover the way I am setting value using \set is it fine ?
Or should I use SET to set the values.
Because in actual when I have to run these command from a shell script I will be calling/setting as
`set dueDateEarliest '$dueDateEarliest'` from shell script.
Which is the best way ?
Attaching the screen shot as well
It's an issue with how you formatted your query. Let's simplify it a bit:
# \set dueDateEarliest '2018-04-01'
# select 'dueDateEarliest'::timestamp;
ERROR: invalid input syntax for type timestamp: "dueDateEarliest"
LINE 1: select 'dueDateEarliest'::timestamp;
It doesn't work, because it's trying to use the string 'dueDateEarliest', not the variable.
Here's the correct way:
# select :'dueDateEarliest'::timestamp;
timestamp
---------------------
2018-04-01 00:00:00
(1 row)
I'm having issues with CONCAT() when used on a WHERE, in PDO.
The code:
<?php
require_once('config.php');
$fdate = '01/01/2010';
$tdate = '31/12/2030';
$identification = '';
$count = "SELECT count(*) as total FROM ( select time_id from doc_sent WHERE date >= :fdate AND date <= :tdate AND identification LIKE concat('%',:identification,'%') ) x;";
//$count = "SELECT count(*) as total FROM ( select time_id from doc_sent WHERE date >= :fdate AND date <= :tdate ) x;";
$stmt_count_row_main_table = $pdo->prepare($count);
$stmt_count_row_main_table->execute(['fdate' => $fdate, 'tdate' => $tdate, 'identification' => $identification]);
//$stmt_count_row_main_table->execute(['fdate' => $fdate, 'tdate' => $tdate]);
$count_row_main_table = $stmt_count_row_main_table->fetch();
print_r( $count_row_main_table);
?>
The code works when the 'identification' part is commented.
When I'm trying to use CONCAT(), it doesn't.
I tried many "version" of CONCAT() (and read many other questions, like this one: How do I create a PDO parameterized query with a LIKE statement? ) but I am always referring to the main documentation:
https://www.postgresql.org/docs/9.1/static/functions-string.html
Which say:
concat('abcde', 2, NULL, 22) --> abcde222
The FULL error when I use CONCAT() is:
PHP Fatal error: Uncaught PDOException: SQLSTATE[42P18]: Indeterminate datatype: 7 ERROR: could not determine data type of parameter $3 in /var/www/pdo-reporter/show.php:17\nStack trace:\n#0 /var/www/pdo-reporter/show.php(17): PDOStatement->execute(Array)\n#1 {main}\n thrown in /var/www/pdo-reporter/show.php on line 17
What's wrong with my code?
CONCAT is a function that takes a VARIADIC argument list, which means that internally postgres will convert them into an array of the same type.
postgres=# \df concat
List of functions
Schema | Name | Result data type | Argument data types | Type
------------+--------+------------------+---------------------+------
pg_catalog | concat | text | VARIADIC "any" | func
When trying to resolve the input type to a single type, the SQL parser fails. It can be reproduced in this simpler form:
postgres=# PREPARE p AS select concat('A', $1);
ERROR: could not determine data type of parameter $1
The parser can't figure out the datatype of $1 so it errs on the side of caution.
One easy solution is to cast the parameter as text:
postgres=# PREPARE p AS select concat($1::text);
PREPARE
or with the CAST operator:
postgres=# PREPARE p AS select concat(cast($1 as text));
PREPARE
I haven't tested with PDO but presumably it would work (given how it deals with parameters to produce prepared statements) to change the query to:
"...identification LIKE '%' || :identification || '::text%'..."
or use the '||' operator instead of concat in the query:
identification LIKE '%' || :identification || '%'
EDIT: BTW if you want to find that a parameter :X is a substring of identification, this clause is more secure: strpos(identification, :X) > 0, because :X may contain '%' or '_' without causing any side-effect in the match, contrary to what happens with LIKE.
I'm trying to select some rows from a table (PostgreSQL) using the following code:
my $kadadbh = DBI->connect(
"dbi:Pg:dbname=$dbname;host=$host",
$dbuser,
$dbpasswd
);
my $subject_nar_sel= $kadadbh->prepare(
'SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = "?";'
);
$nar=605812;
$subject_nar_sel->execute($nar);
But I get an error:
called with 1 bind variables when 0 are needed at ...
I get the same error when I swap the single and double quotes:
"SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = '?';"
How can I fix this?
You current query is testing whether SUBSTRING(CAST(id AS text),1,6) matches the literal string suspiciously-named quoted identifier "?". So don't quote the ?, even when the bind parameter has a string type:
SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = ?
(or How to iterate thru information schema Using perl DBI (DBD::PG) and placeholders?)
Windows 7, ActiveState Perl 5.20.2, PostgreSQL 9.4.1 .
Cases A, B and C below were successful when using a placeholder for a COLUMN VALUE. In order
no placeholder used
passed a literal
passed a variable (populated with same literal)
It would be great to raise it up a level to DB Objects.. (tables, views etc)
Here's the output with the error for Case D:
Z:\CTAM\data_threat_mapping\DB Stats\perl scripts>test_placeholder.pl
A Row Count: 1
B Row Count: 1
C Row Count: 1
DBD::Pg::st execute failed: ERROR: syntax error at or near "$1"
LINE 1: SELECT COUNT(*) FROM $1 WHERE status = 'Draft';
^ at Z:\CTAM\data_threat_mapping\DB Stats\perl
scripts\test_placeholder.pl line 34.
Much obliged for any direction!
#!/usr/bin/perl -w
use strict;
use diagnostics;
use DBI;
my $num_rows = 0;
# connect
my $dbh = DBI->connect("DBI:Pg:dbname=CTAM;host=localhost",
"postgres", "xxxxx",
{ 'RaiseError' => 1, pg_server_prepare => 1 });
#---------------------
# A - success
my $sthA = $dbh->prepare(
"SELECT COUNT(*) FROM cwe_compound_element WHERE status = 'Draft';"
);
$sthA->execute(); # no placeholders
#---------------------
# B - success
my $sthB = $dbh->prepare (
"SELECT COUNT(*) FROM cwe_compound_element WHERE status = ?;"
);
$sthB->execute('Draft'); # pass 'Draft' to placeholder
#---------------------
# C - success
my $status_value = 'Draft';
my $sthC = $dbh->prepare(
"SELECT COUNT(*) FROM cwe_compound_element WHERE status = ?;"
);
$sthC->execute($status_value); # pass variable (column value) to placeholder
#---------------------
# D - failure
my $sthD = $dbh->prepare(
"SELECT COUNT(*) FROM ? WHERE status = 'Draft';"
);
$sthD->execute('cwe_compound_element'); # pass tablename to placeholder
I've tried single/double/sans quotes (q, qq)...
If
SELECT * FROM Foo WHERE field = ?
means
SELECT * FROM Foo WHERE field = 'val'
then
SELECT * FROM ?
means
SELECT * FROM 'Table'
and that's obviously wrong. Placeholders can only be used in an expression. Fix:
my $sthD = $dbh->prepare("
SELECT COUNT(*)
FROM ".$dbh->quote_identifier($table)."
WHERE status = 'Draft'
");
$sthD->execute();
I keep getting errors when attempting to use placeholders in my perl script for a Mysql routine.
Code :
use DBI;
my $driver = "mysql";
my $database = "database";
my $user = "exxxxxx";
my $password = "xxxxx";
my $dsn = "DBI:mysql:$database;mysql_local_infile=ON";
my $dbh = DBI->connect($dsn,$user,$password);
$dbh->do("SET \#tempc5 = (SELECT temp FROM day5 WHERE time = '00:00') ");
my $inter1 = i24;
$sth = $dbh->prepare( "SET \#sumadd5 = (SELECT ? FROM humid WHERE temp=\#tempc5) " );
$sth->bind_param( 1, $inter1 );
$sth->finish();
$dbh->disconnect();
This produces the following error:
Global symbol "$sth" requires explicit...
If I add a my $sth I get the following error:
Scalar found where operator expected...
Note that I am have no objection in trying this with $dbh->do("SET"
if possible.
The placeholders are not allowed for column names according to MySQL Manual for mysql_stmt_prepare() which is the function behind prepare.
The markers are legal only in certain places in SQL statements. For
example, they are permitted in the VALUES() list of an INSERT
statement (to specify column values for a row), or in a comparison
with a column in a WHERE clause to specify a comparison value.
However, they are not permitted for identifiers (such as table or
column names), or to specify both operands of a binary operator such
as the = equal sign. The latter restriction is necessary because it
would be impossible to determine the parameter type. In general,
parameters are legal only in Data Manipulation Language (DML)
statements, and not in Data Definition Language (DDL) statements.
If you think about it, it would not make sense to prepare a statement where you can change a column. Preparation of statement includes execution plan, but you can't plan execution of a statement where you don't know if given column has or doesn't have an index on it.
You can't use a placeholder there.
When you call prepare, all structural information about your tables is baked into the query, waiting for you to pass in data values to replace placeholders when you execute the query.
But you're trying to use a placeholder for a column name, which is part of the table's structure.
If you fix the Perl syntax to be:
my $inter1 = 'i24';
my $sth = $dbh->prepare( "SET \#sumadd5 = (SELECT ? FROM humid WHERE temp=\#tempc5) " );
$sth->execute($inter1);
it should run, but the ? will be treated as a data value rather than a column name (structural information). So you'll get the results of the SQL query
SET #sumadd5 = (SELECT 'i24' FROM humid WHERE temp=#tempc5)
instead of
SET #sumadd5 = (SELECT i24 FROM humid WHERE temp=#tempc5)
The subquery will return the literal value "i24" for each matching row rather than the value found in column i24.
You didn't quoted the vaule of $inter1. Change $inter1 = i24; to $inter1 = 'i24';. Just edited in your code, this will not give you syntax error.
use warnings;
use strict;
use DBI;
my $driver = "mysql";
my $database = "database";
my $user = "exxxxxx";
my $password = "xxxxx";
my $dsn = "DBI:mysql:$database;mysql_local_infile=ON";
my $dbh = DBI->connect($dsn,$user,$password);
$dbh->do("SET \#tempc5 = (SELECT temp FROM day5 WHERE time = '00:00') ");
my $inter1 = 'i24';
my $sth = $dbh->prepare( "SET \#sumadd5 = (SELECT ? FROM humid WHERE temp=\#tempc5) " );
$sth->bind_param( 1, $inter1 );
$sth->finish();
$dbh->disconnect();