One of my columns is called from. I can't change the name because I didn't make it.
Am I allowed to do something like SELECT from FROM TableName or is there a special syntax to avoid the SQL Server being confused?
Wrap the column name in brackets like so, from becomes [from].
select [from] from table;
It is also possible to use the following (useful when querying multiple tables):
select table.[from] from table;
If it had been in PostgreSQL, use double quotes around the name, like:
select "from" from "table";
Note: Internally PostgreSQL automatically converts all unquoted commands and parameters to lower case. That have the effect that commands and identifiers aren't case sensitive. sEleCt * from tAblE; is interpreted as select * from table;. However, parameters inside double quotes are used as is, and therefore ARE case sensitive: select * from "table"; and select * from "Table"; gets the result from two different tables.
These are the two ways to do it:
Use back quote as here:
SELECT `from` FROM TableName
You can mention with table name as:
SELECT TableName.from FROM TableName
While you are doing it - alias it as something else (or better yet, use a view or an SP and deprecate the old direct access method).
SELECT [from] AS TransferFrom -- Or something else more suitable
FROM TableName
Your question seems to be well answered here, but I just want to add one more comment to this subject.
Those designing the database should be well aware of the reserved keywords and avoid using them. If you discover someone using it, inform them about it (in a polite way). The keyword here is reserved word.
More information:
"Reserved keywords should not be used
as object names. Databases upgraded
from earlier versions of SQL Server
may contain identifiers that include
words not reserved in the earlier
version, but that are reserved words
for the current version of SQL Server.
You can refer to the object by using
delimited identifiers until the name
can be changed."
http://msdn.microsoft.com/en-us/library/ms176027.aspx
and
"If your database does contain names
that match reserved keywords, you must
use delimited identifiers when you
refer to those objects. For more
information, see Identifiers (DMX)."
http://msdn.microsoft.com/en-us/library/ms132178.aspx
In Apache Drill, use backquotes:
select `from` from table;
If you ARE using SQL Server, you can just simply wrap the square brackets around the column or table name.
select [select]
from [table]
I have also faced this issue.
And the solution for this is to put [Column_Name] like this in the query.
string query= "Select [Name],[Email] from Person";
So it will work perfectly well.
Hi I work on Teradata systems that is completely ANSI compliant. Use double quotes " " to name such columns.
E.g. type is a SQL reserved keyword, and when used within quotes, type is treated as a user specified name.
See below code example:
CREATE TABLE alpha1
AS
(
SEL
product1
type_of_product AS "type"
FROM beta1
) WITH DATA
PRIMARY INDEX (product1)
--type is a SQL reserved keyword
TYPE
--see? now to retrieve the column you would use:
SEL "type" FROM alpha1
I ran in the same issue when trying to update a column which name was a keyword. The solution above didn't help me. I solved it out by simply specifying the name of the table like this:
UPDATE `survey`
SET survey.values='yes,no'
WHERE (question='Did you agree?')
The following will work perfectly:
SELECT DISTINCT table.from AS a FROM table
Some solid answers—but the most-upvoted one is parochial, only dealing with SQL Server. In summary:
If you have source control, the best solution is to stick to the rules, and avoid using reserved words. This list has been around for ages, and covers most of the peculiarities. One tip is that reserved words are rarely plural—so you're usually safe using plural names. Exceptions are DIAGNOSTICS, SCHEMAS, OCTETS, OFFSETS, OPTIONS, VALUES, PARAMETERS, PRIVILEGES and also verb-like words that also appear plural: OVERLAPS, READS, RETURNS, TRANSFORMS.
Many of us don't have the luxury of changing the field names. There, you'll need to know the details of the RDBM you're accessing:
For SQL Server use [square_braces] around the name. This works in an ODBC connection too.
For MySQL use `back_ticks`.
Postgres, Oracle and several other RDBMs will apparently allow "double_quotes" to be used.
Dotting the offending word onto the table name may also work.
You can put your column name in bracket like:
Select [from] from < ur_tablename>
Or
Put in a temprary table then use as you like.
Example:
Declare #temp_table table(temp_from varchar(max))
Insert into #temp_table
Select * from your_tablename
Here I just assume that your_tablename contains only one column (i.e. from).
In MySQL, alternatively to using back quotes (`), you can use the UI to alter column names. Right click the table > Alter table > Edit the column name that contains sql keyword > Commit.
select [from] from <table>
As a note, the above does not work in MySQL
Judging from the answers here and my own experience. The only acceptable answer, if you're planning on being portable is don't use SQL keywords for table, column, or other names.
All these answers work in the various databases but apparently a lot don't support the ANSI solution.
Simple solution
Lets say the column name is from ; So the column name in query can be referred by table alias
Select * from user u where u.from="US"
In Oracle SQL Developer, pl/sql you can do this with double quotes but if you use double quotes you must type the column names in upper case. For example, SELECT "FROM" FROM MY_TABLE
Related
I'm new to php and sql , so could you please help me by telling me how to fix this sql error.
The sql is below.
INSERT INTO xml-group (id,groupid,name,descriptor,cust_id)
VALUES (1,1,'other contacts','other contacts',16)
The error is:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '-group (id,groupid,name,descriptor,cust_id) VALUES
('0','0','mobiles','mobile',1' at line 1
Many thanks
The - isn't allowed in an unquoted table name. Use backticks to quote xml-group:
INSERT INTO `xml-group` (id,groupid,name,descriptor,cust_id)
VALUES (1,1,'other contacts','other contacts',16)
Btw, in a well designed database schema you might avoid such names and use _ instead.
use backticks arround table name it causes GROUP a special keyword of mysql
INSERT INTO `xml-group` (id,groupid,name,descriptor,cust_id)
VALUES (1,1,'other contacts','other contacts',16)
"-" Hyphen is not allowed in SQL syntax.
use backticks (`) symbol to escape it.
Also, if field ID is an auto-number field, primary index and "1" is already assigned, you'll get an error. (Same with any other fields that require unique values...)
Two options to fix it:
Replace xml-group with xml_group
Include backticks around it such as `xml-group`
Personally I would do both of those above options, but you can get away with just one.
You are best to enforce the use of back ticks for a few reasons. The primary reason I use back ticks myself is:
You do not have to worry about clashing with reserved or future key words.
Other reasons, but often dependant on personal preference and coding standards you have/can enforce on the whole code base are:
You can easily search the entire project for the use of that specific table. If for example you did SELECT user FROM users there is a good chance you have method names, variables, comments etc all containing the word "user" making it hard to find all the queries containing a reference to the user table amongst so many false positives. However, if you enforce the use of back ticks you just have to search for `users` to find all queries referencing it along with fields (as long as you haven't abstract the queries to the point where they are built up at runtime like: "SELECT `$field` FROM `$table`").
It can help with clarity and readability as it visually separates keywords from variable values like field names and table names even if everything is in lower case.
I try to query a mysql column which has the name "5". This outputs the wrong column which has the name "22".
This is my php code, $pid is the variable I am getting from the android app and is always a number. When I search with $pid = 5, instead of getting the column "5" with artist1, it is getting the column "22" with eternal1.
Basically it confuses the Column Name with # in the first print screen. If the # doesn't exist, then it searches correctly; so if I search with 16 I get the column 16. How do I fix this?
$pid = $_GET["pid"];
$result=mysql_query("SELECT * FROM TableComments WHERE `$pid` IS NOT NULL ");
http://imgur.com/WFsfEtB
http://imgur.com/rZA27XC
This is by design in the SQL dialects I can think of offhand. I know several people who, out of habit, add order by 0 desc or order by 1 to ad hoc queries, the first to pick what typically is the ID column and the second what is often a "Name" column or similar. They're querying based on the ordinal position of the field in the query (or the schema, in the case of *)
In order to get a column named 5, you need to use the appropriate SQL quoting mechanism for your dialect and configuration. As an example, Microsoft Sql and Access would typically use select * from tablecomments where [5]=5; in Postgres and Oracle you'd use select * from tablecomments where "5"=5, and in Mysql, Quoted Identifiers are quoted with a backtick select * from tablecomments where `5`=5. In Microsoft SQL you can also make things more like Oracle and Postgres if your session has SET QUOTED_IDENTIFIER ON, in which case you'd use quotes instead of square brackets.
As an aside, but a very important one, you should not take user input and directly embed it in SQL. If someone were to intercept the HTTP transmission between your Android app and your PHP app (trivial with a proxy like Charles or Fiddler), they'd be able to replay the http request with arbitrary SQL injected. As other commenters have noted, please use a parameterized query instead.
Since you're trying to modify the query itself rather than the parameters, you may need to consider whitelisting the allowed field names (or compare the string you're sent against the fields represented in the schema).
Wrap the column-name into backticks:
SELECT * FROM TableComments WHERE `$pid` IS NOT NULL
Start using PDO instead of old, unsafe and deprecated mysql_*
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
This is the error message and my code. I just don't see the error.
Description:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='cbd1f3bb822e8617b624301774287490d3fcd97e' LIMIT 1' at line 1
Query:
SELECT *
FROM wp_wpsc_api_keys
WHERE name='MichelleAllen17'
AND key='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
Any ideas of what can be the issue in my sql are welcome
KEY is a reserved keyword, it must be escaped with backtick.
SELECT *
FROM wp_wpsc_api_keys
WHERE name = 'MichelleAllen17' AND
`key` = 'cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
MySQL Reserved Keywords
put backtiks around the field names
...where `name`=... `key`
As an alternative to backticks, another "best practice" pattern is to QUALIFY all column names with the table_name, or a convenient table alias, e.g.
SELECT t.*
FROM wp_wpsc_api_keys t
WHERE t.name='MichelleAllen17'
AND t.key='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
This prevents MySQL from seeing the column name "key" as a reserved word.
Let's be clear: the problem in your query isn't a lack of backticks... the problem is that MySQL is seeing a token in your query text (in this case "key") as a reserved word, rather than as the name of the column. The solution is to prevent MySQL from seeing that token as a keyword. Using backticks is one way to accomplish that, but they aren't required.
Using backticks is entirely valid, and can be done along with qualifying the column names. The backicks are required when the column name contains spaces or special characters. Here is the same query, with the table and column names enclosed in backticks:
SELECT t.*
FROM `wp_wpsc_api_keys` t
WHERE t.`name`='MichelleAllen17'
AND t.`key`='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
I just happen to find it annoying to have to look at, or type, backticks that are unnecessary. It is MUCH MORE useful use of keystrokes (for me) to have the column names qualified ("t."), even if that isn't required, just because I am SO used to seeing column names qualified whenever there is more than one table in a query (which happens a LOT for a lot of really useful queries.)
I have a short question about mysql query.
What is correct?
SELECT * FROM Persons WHERE Year='1965'
Or
SELECT * FROM `Persons` WHERE `Year` = '1965'
Is this a personal choice or is this something what is really wrong?
Quotes are needed if your identifiers (column, table names, operators, etc.) contain MySQL reserved words.
See here for the complete list of reserved words: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Both are correct, but the second one will ALWAYS be accepted, even when you use keywords or functions like while and NOW() that would normally be seen as operators.
What if you have a table named table, or a column named where. These are reserved keywords. If you used those in your queries without backticks, they'd produce an invalid query (Of course, using reserved keywords is bad practice).
SELECT something FROM table WHERE where = 1;
vs.
SELECT something FROM `table` WHERE `where` = 1;
Both methods are correct, the single quotation mark indicates starts and endings of a string.
Therefore if you for example use a column alias with a space like Birth year then you will need to use the single quotation mark like this;
... WHERE `Birth year` = `1965`
However it is not recommended only use more then one word in the aliases.
And as #Cody Caughlan said also when you use MySQL reserved words.
INSERT INTO expense (date,desc,price,out,method)
VALUES ('$time','$desc','$price','$out','$method');
What is wrong in the MySQL statement above? I have checked all the other stuff in my code but only this seems to be buggy.
I am passing this statement to mysql_query() function in PHP. It gives me an error and does not insert the data in the row.
All the variables above are also present.
So what could be the problem?
desc is keyword in SQL (order by `key` desc). You cannot use barewords which are also keywords in SQL. In this case, you should escape desc with ` symbol (like `desc`). date is also keyword, but MySQL decided to allow it's incorrect usage because of common usage before making it keyword. But not every database engine allows this, so be careful.
But, it's good practice to actually quote all keys, even if it's not needed - this way you could protect against adding keywords in SQL which would break your queries.
ORDER BY
List of keywords (in MySQL)
'date' is a MySQL keyword (for the date field type). You should enclose the field name with backticks like this:
INSERT INTO expense (`date`,desc,price,out,method)
(I think the other fields are fine, but you could add backticks to those as well if you like)