Are queries or statements like (INSERT and SELECT)belong to any language LIKE(SQL OR PHP) or is it just a style of code(writing or entered into) the databases like MySQL.
Thank u :)
INSERT, SELECT, UPDATE, DELETE etc are part of sql. And almost every Database Package support sql as a query language to communicate with database.
Reference
Related
Im trying to build a form to allow binding of keywords to articles. This SQL statement works directly as a query but I dont know how to package it as a pdo statement. It adds the keyword to a Keyword Table and Keyword ID + Article ID to a many to many mapping table.
$insertK = $dbh->prepare("INSERT IGNORE INTO Keywords (Keyword)
VALUES (:KeywordID1);
INSERT INTO Keyword_Article (KeywordID, ArticleID)
VALUES ((SELECT KeywordID FROM Keywords WHERE Keyword = :KeywordID2), :ArticleID)");
$insertK->bindParam(':KeywordID1', $keywordID);
$insertK->bindParam(':KeywordID2', $keywordID);
$insertK->bindParam(':ArticleID', $articleID);
$insertK->excecute();
Ive seen PDO inserts a few different ways but none that do two statements into two different tables.
EDIT*
If its not possible then how could I make sure that the first insert is finished before running the second query?
This is quite common misconception.
For some reason people constantly trying to stuff as many queries in one call as possible.
While there is actually no reason at all.
Just run all your queries one by one usual way.
There is absolutely nothing wrong with it.
How to insert data into two or more tables?
Currently I am using this trick. (Let just assume that the syntax is correct)
$Sql1 = "insert into user";
$Sql2 = "insert into files";
$Sql3 = "insert into messages";
query $Sql1
query $$ql2
query $Sql3
So I am using this and I need to optimize.
Also, I think I need to use Foreign key? But I don't know how to do it on phpmyadmin.
and lastly:
This is all I want.
To insert data on the "user" table and then automatically the table "messages" and "files"
will have also an ID which is the same with the user.. That is why I use to 3 queries in my code.
Please help me.
Thanks in ADVANCE!
myb
It is perfectly fine to use multiple queries.
However, you should wrap the 3 queries into one transaction. That is, if one query fails for some reason, the effects of all previous queries (if any) can be rolled back so that your database stays in a consistent state.
Note: Transactions are not possible with MySQL's MyISAM tables. Additionally you have to use PHP's Mysqli (or PDO) to be able to use transactions. (I assume that you're not using some high-level data base abstraction layer.)
As to your question regarding foreign keys: As far as I know, it makes no difference when you're using the MyISAM engine for the tables in your database (which I presume), because MyISAM doesn't even support the explicit modeling of foreign keys. Other table engines like InnoDB, however, can use foreign keys to check certain constraints like "a message must always be associated with an existing person".
Here are some nice examples regarding foreign keys: http://www.postgresql.org/files/documentation/books/aw_pgsql/node131.html
This is the answer, I think : http://dev.mysql.com/doc/refman/5.1/en/example-foreign-keys.html
With mysql u can use LAST_INSERT_ID() or in php mysql_insert_id() function. Checkout this manual entries:
http://dev.mysql.com/doc/refman/5.0/en/getting-unique-id.html
http://php.net/manual/en/function.mysql-insert-id.php
how can i run a query that joins two tables from TWO different Databases in mssql_query or mysql_query in php
for example
$conn=mssql_connect($ip,$username,$password);
mssql_select_db("DB1",$conn);
$q="select A.name,B.ID from DB1.dbo.T1 A, DB2.dbo.T2 B where A.ID=B.ID";
$res=mssql_query($q);
how to run such query??
Just prefix the tablenames with the database name, as you are already doing.
The user login that you are using to connect to mySQL needs to have access to both databases. Without this, it is impossible.
I think something like this:
SELECT X.field1, Y.field2
FROM database1.table_a AS X
INNER JOIN database2.table_b as Y
ON X.id=Y.id
[EDITED]
Sorry I didn't finish the post, you should use mysqli http://www.php.net/manual/en/mysqli.query.php (don't worry for the constructor, put just 1 database) and run the query as a regular query. Also, like the guy in the top said, the user that makes the query must have the permissions for both tables.
I have these tables: My final mysql db, could someone check if the tables are correctly made?
How can I make an Insertion of an ad here?
Is join used on insert also?
Thanks
Clarification: I need to insert values into multiple tables here, and don't know how to do it else than using multiple INSERT INTO statements.
So I wonder if there is anyway to make just ONE statement (one line) and use JOIN to INSERT?
As far as I'm aware of, you can't INSERT data into multiple tables Within one plain SQL statement.
There are many database abstraction frameworks out there which can do something like that (DOCTRINE TO THE RESCUE!!) but thats a whole other story.
SQL for it self it not capable of such things.
No it's not possible with an INSERT statement to insert into multiple tables. But you could use a stored procedure that would nicely batch the various inserts, and the application would have only one SQL command to emit.
I don't understand your first question about the ads. As for the second, JOIN will not be used on a standard table unless you are using it in an INSERT...SELECT statement, which you very likely aren't.
this is part of a security audition, so there is no way to "change" the query.
Basically, what I found is a flaw that allows statement manipulation, so basically it goes like:
$query = "DELETE FROM `products` WHERE `products`.`whatever` = $variable";
This is PHP, so as far as I know there is no way to execute multiple queries. Using this SQL Injection, I was able to "clear" this table by running "0 OR 1=1#".
This works just fine, but it doesn't allow me to choose more tables to delete from.
This is, in pseudocode what I want to do:
DELETE FROM `products` WHERE `products`.`whatever` = **0 OR 1=1, FROM `othertable` WHERE `othertable`.`othercolumn` = 0 OR 1=1**
Is this plausible anyhow?
If this isn't reliable, is there any other way I could use this?
You can't have multiple FROM clauses for the same DELETE statement, so you can't go about it exactly how you'd want to. If the MySQL db had 'allow multiple queries per statement' turned on, you could try to terminate the one DELETE query and then tack on another to the end, so that it'd look like this:
DELETE FROM `products` WHERE `products`.`whatever` = **0 OR 1=1; DELETE FROM `othertable` WHERE `othertable`.`othercolumn` = 0 OR 1=1**
But that's about it.
Perhaps I don't fully understand the question, but what I take away is that you're building a SQL command as a string and running that string directly against a MySQL database.
You can separate multiple commands using the command separator (usually ';'), so you could run pretty much any command you want as this comic aptly illustrates.
If your database configuration supports multiple commands (or might in the future if someone changes today's setting), you want to ensure you don't have a command separator as part of the input. See this article for advice on sanitizing your input to prevent this type of attack.
As you stated, multiple queries are not supported by the normal MySQL driver module. From the manual for mysql_query:
mysql_query() sends a unique query
(multiple queries are not supported)
to the currently active database on
the server that's associated with the
specified link_identifier .
Unfortunately for your injection efforts, DELETE syntax only supports multiple table deletes by specifying them in the FROM clause. Your injected variable is part of the WHERE, so the most damage you can do is to the single specified table.
Contrary to popular belief, you can actually run multiple MySQL statements from PHP, you just have to be using a different database driver module such as MySQLi. See MySQLi::multi_query().