So i am storing my users 'freinds' in a database and i am currently using this to add there freind to it
socket.on('addFreind', function(username, freind) {
console.log("ADD FREIND " + freind + "TO " + username)
let query = 'update users set freinds="' + freind + '" where username = "' + username + '"';
connection.query(query, function(err) {
console.log(err)
});
});
but that just replaces the original value with the new one how can i add to the original value
i have tried querying the original value and adding it to an array and then adding the new value to that array then putting it in my database but that failed horribly and i was wondering if there was just a simple way to do this
Related
i have a select query to a local database and for some reason the following error shows up:
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'FROM site WHERE name = OCC AND date_start = 2018-07-30 08:00:00 AND date_end = '' at line 1
here's my query:
connection.query("SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2, function (err, result)
{
if (err)
{
console.log("Error Is:" + err);
}
else
{
console.log('DATA EXISTING IS =' + JSON.stringify(result));
}
});
am i missing something?
The usual mantra: use parameterized queries. They will prevent SQL injections and make your service more secure. Furthermore they will take care of the usual pitfalls when building a query using string concatenation.
Let's have a look at your query
"SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2
Which spells out to something like
SELECT *, FROM shop WHERE name = myshop AND date_start = 2018-07-30 AND date_end = 2018-08-10
There are at least 3 errors
The , behind the SELECT * this is also the one the error tells you about. I suppose you had a column list and replaced it with *
The shop name column is most certainly some char column. So you have to enclose your values with quotes
Also the dates must be used with quotes, so the SQL engine will parse it to a date and do the comparison. For some SQL engines there is also a special annotation for dates. Have a look in the documentation.
This query should work
"SELECT * FROM shop WHERE name = '" + shop_name + "' AND date_start = '" + myDate + "' AND date_end = '" + myDate2 +"'"
depending on what myDate and myDate2 are.
At least problems 2 and 3 would not happen if you use parameterized queries. Consult the documentation of the library you are using.
In CRM 2013 I'm writing a javascript to remove certain email participants that contains a specific email address (in my code below it's test#test.com).
I was told that the best way to do this is to remove the whole email participants and re-build it, because there is no good way of just removing a specific participant from the email (please correct me if there's a better way).
So first I get all of the party in the "to" field in the email. Then I push the 'satisfactory' participants into a new array. The participants that contain test#test.com email will not be pushed into this new array i.e. get dropped from the list.
However I'm having problem trying to get the email address value from the "toParty" list.
This doesn't seem to work and returning undefined instead. Here I'm going by the email's schema name which is 'EMailAddress1'. Trying 'emailaddress1' doesn't work either.
toParty[indxAttendees].EMailAddress1 --> doesn't work
Any ideas is greatly appreciated.
var toParty = Xrm.Page.getAttribute("to").getValue();
for (var indxAttendees = 0; indxAttendees < toParty.length; indxAttendees++) {
var partyListData = new Array();
if (toParty[indxAttendees].EMailAddress1 != "test#test.com")
{
//alert("Email address " + indxAttendees + " :" + toParty[indxAttendees].EMailAddress1); --> this will be undefined value
partyListData[indxAttendees] = new Object();
//get ID
partyListData[indxAttendees].id = toParty[indxAttendees].id;
alert("ID " + indxAttendees + " :" + toParty[indxAttendees].id);
//get Name
partyListData[indxAttendees].name = toParty[indxAttendees].name;
alert("Name " + indxAttendees + " :" + toParty[indxAttendees].name);
partyListData[indxAttendees].entityType = toParty[indxAttendees].entityType;
alert("Entity Type " + indxAttendees + " :" + toParty[indxAttendees].entityType);
}
Using oDataQuery works in this case. Just have to write different function for queue since the email address field is different in queue vs. contact/account.
if ((entityType == "contact") || (entityType == "account")) {
select = "$select=EMailAddress1&$filter=" + entityType.charAt(0).toUpperCase() + entityType.slice(1) + "Id eq guid'" + entityId + "'";
var entitySet = entityType.charAt(0).toUpperCase() + entityType.slice(1) + "Set";
XrmServiceToolkit.Rest.RetrieveMultiple(entitySet, select,
function (results) {
if (results.length > 0) {
result = results[0].EMailAddress1;
}
}, function (error) { alert(error); }, function onComplete() { }, false);
return result;
}
This is my code.
pool.getConnection(function (err, connection) {
connection.query("delete from userFiles where type = 1 and
typeId = " + taskId + " and fileName
NOT IN ('?') ",[oldFileNames], function (err, rows) {
});
});
Now the problem is , node js is generating query like this,
delete from table_name where type = 1 and typeId = 1 and
fileName NOT IN (\'\'upload_149f2b78e5fd4096781bb5b8719b874f.png,upload_e8185e896cb0f8bb0b66d807cc60922c.png\'\')
I even tried like this,
connection.query("delete from userFiles where type = 1 and typeId = " + taskId + " and
fileName NOT IN ('" + oldFileNames + "') ",
function (err, rows) {
This generated query like this,
delete from userFiles where type = 1 and typeId = 1 and
fileName NOT IN (\'upload_149f2b78e5fd4096781bb5b8719b874f.png,
upload_e8185e896cb0f8bb0b66d807cc60922c.png\')
Both are causing mysql syntax error for the query(slashes are getting appended).
Can you suggest, what i can do to get rid of this error.
You're not supposed to add the quotes yourself around the ? placeholder. Remove them.
You should also pass an array, not a string. Assuming it's a clean string, you can just use split.
connection.query(
"delete from userFiles where type = 1 and typeId = " + taskId +
" and fileName NOT IN (?) ", [oldFileNames.split(/,\s*/)],
function (err, rows) {
A possible solution is to use connection.escape();
connection.query("delete from userFiles where type = 1 and typeId = " + taskId + "
and fileName NOT IN (" + connection.escape(oldFileNames) + ")");
I'm getting parse errors when I try to use node-mysql to invoke a query on a MYSQL database. I'm pretty sure that the query works. It runs without doubt via phpmyadmin.
Message.save = function(message, callback){
db.query("INSERT INTO e_message (chatid, message, userid) VALUES(" + message.chatid + ", '" + message.message +"', " + message.userid + "); SELECT * FROM e_message WHERE chatid = " + message.chatid + " ORDER BY timestamp DESC LIMIT 0, 1;",
function(err, rows, fields){
console.log(err);
callback(err, new Message(rows[0]));
});
}
I'm getting the follwing error:
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT * FROM e_message WHERE chatid = 1 ORDER BY timestamp DESC LIMIT 0, 1' at line 1]
code: 'ER_PARSE_ERROR',
errno: 1064,
sqlState: '42000',
index: 0 }
The query looks like this via console.log():
INSERT INTO e_message (chatid, message, userid) VALUES(1, 'test123', 1);
SELECT * FROM e_message WHERE chatid = 1 ORDER BY timestamp DESC LIMIT 0, 1;
I don't know whats wrong with this...
EDIT:
If I split it into two queries, I get the result I wanted:
Message.save = function(message, callback){
db.query("INSERT INTO e_message (chatid, message, userid) VALUES(" + message.chatid + ", '" + message.message +"', " + message.userid + ");", function(err, rows, fields){
db.query("SELECT * FROM e_message WHERE userid = " + message.userid + " AND chatid = " + message.chatid + " ORDER BY timestamp DESC LIMIT 0, 1;", function(err, rows, filds){
callback(err, new Message(rows[0]));
});
});
}
Thank you!
node-mysql won't by default allow you to issue multiple SQL statements in a single query.
To allow that, you will need to set the multipleStatements connection option when creating the connection.
Note that allowing this may/will put you at risk of SQL injection, particularly if building the statements as strings. For example, if your message.userid was set to the string 1);drop database production;SELECT (, you'd be in trouble.
In this case what you really want may be to do the insert and a second SELECT LAST_INSERT_ID() to get the id the latest record was inserted with. It will return the latest inserted auto increment key for the session, that is, it will not be affected by other inserts by other connections/sessions.
I am working on an application in Appcelerator Titanium. The application uses sqlite database. For inserting into the database, I have written a query with parameters like this:
db.execute("INSERT INTO formData (unique_id,form_xml_id,dateTime_stamp,data,user_id,status) VALUES ('" + Ti.App.mydata._guid + "'," + findex + ",'"+datetime+"','"+fdata1+"'," + Ti.App.information.user_id + ",'" + formstatus + "')");
I have another query to update the database for a different table. But the query is without parameters. Like this:
db.execute("UPDATE formData SET form_xml_id=" + findex + ",dateTime_stamp='" + datetime + "',data='" + fdata + "',user_id=" + Ti.App.information.user_id + ",status='"+ DataStatus +"' where unique_id='" + Ti.App.mydata._guid + "'");
I want to rewrite the update query, like the insert query. How can I do that?
I have a code which update Contacts... you can modify it accordingly:
public int updateContact(Contact contact) {
SQLiteDatabase db = this.getWritableDatabase();
ContentValues values = new ContentValues();
values.put(KEY_NAME, contact.getName());
values.put(KEY_PH_NO, contact.getPhoneNumber());
// updating row
return db.update(TABLE_CONTACTS, values, KEY_ID + " = ?",
new String[] { String.valueOf(contact.getID()) });
}