SQL Update case clause support by jOOQ - case

Please advise whether the jOOQ library (https://www.jooq.org/) supports the CASE clause in an SQL UPDATE statement. I mean, what would be the equivalent of
UPDATE TABLE1 SET status = case
when status = 'status1' then 'status2'
when status = 'status2' then 'status3'
end
I saw examples for the select statement in their tutorial but none for update, unfortunately. Could it be something like?
DSL.update(DSL.table("table1")).set(DSL.field("status"), DSL.case(...))

Luckily, there's no difference between SELECT or UPDATE statement support in jOOQ with respect to how arbitrary column expressions are dealt with. Hence, you will just use the CASE expression support in your statement.
You can create a CASE expression using DSL.case_() or DSL.when() directly.

Related

Error with SQLite query, What am I missing?

I've been attempting to increase my knowledge and trying out some challenges. I've been going at this for a solid two weeks now and have finished most of the challenge, but this one part remains. The error is shown below; what am I not understanding?
Error in sqlite query: update users set last_browser= 'mozilla' + select sql from sqlite_master'', last_time= '13-04-2019' where id = '14'
edited for clarity:
I'm trying a CTF challenge and I'm completely new to this kind of thing so I'm learning as I go. There is a login page with test credentials we can use for obtaining many of the flags. I have obtained most of the flags and this is the last one that remains.
After I log in on the webapp with the provided test credentials, the following messages appear: this link
The question for the flag is "What value is hidden in the database table secret?"
So from the previous image, I have attempted to use SQL injection to obtain the value. This is done by using Burp Suite and attempting to inject through the user-agent.
I have gone through trying to use many variants of the injection attempt shown above. I'm struggling to find out where I am going wrong, especially since the second single-quote is added automatically in the query. I've gone through the SQLite documentation and examples of SQL injection, but I cannot seem to understand what I am doing wrong or how to get that to work.
A subquery such as select sql from sqlite_master should be enclosed in brackets.
So you'd want
update user set last_browser= 'mozilla' + (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
Although I don't think that will achieve what you want, which isn't clear. A simple test results in :-
You may want a concatenation of the strings, so instead of + use ||. e.g.
update user set last_browser= 'mozilla' || (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
In which case you'd get something like :-
Thanks for everyone's input, I've worked this out.
The sql query was set up like this:
update users set last_browser= '$user-agent', last_time= '$current_date' where id = '$id_of_user'
I edited the user-agent with Burp Suite to be:
Mozilla', last_browser=(select sql from sqlite_master where type='table' limit 0,1), last_time='13-04-2019
Iterating with that, I found all tables, columns and flags. Rather time-consuming, but I could not find a way to optimise.

what is :<variablename> in CAST statement in PL SQL

I found a query like select cast (:v as customtabletype) from dual.
I am not able to understand the meaning of the above line, which is written as a dynamic query.
:<variablename>, in your case ":v", is what is known as a bind variable.
Essentially, this is a placeholder which is replaced with another value as the SQL statement is executed.
For more in-depth reading it is probably worth looking for bind variables in the Oracle documentation, as there is a lot of information available on why they're used and their benefits.
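Bind variables in action, as an added example that is not from any of the posts on this page: Python's sqlite3 module accepts the same `:name` placeholder syntax, so the sketch runs the UPDATE from the SQLite question above twice, once built by string concatenation and once with bind variables. The in-memory tables and the function names are constructed for the illustration; the query shape and the User-Agent value are the ones quoted in that post.

```python
import sqlite3

# Constructed input: the User-Agent value quoted in the SQLite post above.
USER_AGENT = ("Mozilla', last_browser=(select sql from sqlite_master "
              "where type='table' limit 0,1), last_time='13-04-2019")


def fresh_db():
    """In-memory database with constructed stand-in tables."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (id text, last_browser text, last_time text)")
    db.execute("create table secret (value text)")
    db.execute("insert into users values ('14', '', '')")
    return db


def update_concatenated(db, user_agent, date, user_id):
    """Query shape from the post: request values pasted into the SQL text."""
    db.execute("update users set last_browser= '" + user_agent
               + "', last_time= '" + date
               + "' where id = '" + user_id + "'")


def update_bound(db, user_agent, date, user_id):
    """Same UPDATE with bind variables: the SQL text never changes."""
    db.execute(
        "update users set last_browser = :ua, last_time = :ts where id = :id",
        {"ua": user_agent, "ts": date, "id": user_id},
    )


def stored_browser(update):
    """Run one update variant on a fresh database and return what was stored."""
    db = fresh_db()
    update(db, USER_AGENT, "13-04-2019", "14")
    return db.execute(
        "select last_browser from users where id = '14'").fetchone()[0]


if __name__ == "__main__":
    # Concatenated: the quote in the header ends the literal, so the rest is
    # parsed as SQL and the column receives the subquery's result.
    print("concatenated:", stored_browser(update_concatenated))
    # Bound: the whole header is stored as an ordinary string.
    print("bound:       ", stored_browser(update_bound))
```

With the bound form the header value can contain any quotes it likes; the statement the database parses is the fixed text with three placeholders.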

what difference between ax query and select

I'm looking for the difference between an AX query and select (or while select).
In this example I don't see what I cannot do with a select statement: the example of an AX query on MSDN
I think I misunderstood the syntax of AX query ranges :'(
A (while) select is a 'one use' statement, i.e., you put it inline in your code and it is used only there.
A query can be set up to require parameters and can be used multiple times throughout your class or saved into the AOT for use in any class.
Generally I only use select statements for simple queries where it's not worth the effort to create a query; for anything more complex I use queries.

Sqlite delete query error

delete N.* from Tbl_Nodes N, Data_Tree DT WHERE N.Part = DT.Part
for this command I am getting following error.
System.Data.SQLite.SQLiteException: SQLite error near "N": syntax error
Above command works fine for MSAccess.
Is there any alternative to use table shortcut in Sqlite?
The DELETE statement operates on a single table and does not use a table alias. Therefore, your FROM clause must read FROM Tbl_Nodes.
You're probably looking for:
delete from Tbl_Nodes WHERE Part IN (SELECT Part FROM Data_Tree)
Note that this will remove all nodes from Tbl_Nodes that have a corresponding Part value in Data_Tree but does not remove any records from Data_Tree itself.
While SQL varies somewhat among vendors, as a general principle it's a mistake to learn SQL from MS Access and try to apply it to other products. MS Access features some very non-standard constructions.
Using an alias for the table?
FROM table AS t1
You're missing a bit of your SQL statement there I guess but does it not work if you just say:
delete N from Tbl_Nodes N, Data_tree DT WHERE...(rest of statement)
I've just removed the .*

Basic SQL count with LINQ

I have a trivial issue that I can't resolve. Currently our app uses Linq to retrieve data and get a basic integer value of the row count. I can't form a query that gives back a count without a 'select i'. I don't need the select, just the count(*) response. How do I do this? Below is a sample:
return (from io in db._Owners
        where io.Id == Id && io.userId == userId
        join i in db._Instances on io.Id equals i.Id
        select i).Count();
The select i is fine - it's not actually going to be fetching any data back to the client, because the Count() call will be translated into a Count(something) call at the SQL side.
When in doubt, look at the SQL that's being generated for your query, e.g. with the DataContext.Log property.
Using the LINQ query syntax requires a select statement. There's no way around that.
That being said, the statement will get transformed into a COUNT()-based query; the select i is there only to satisfy the expression system that underlies the LINQ query providers (otherwise the type of the expression would be unknown).
Including the select will not affect the performance here because the final query will get translated into SQL. At this point it will be optimized and will be like select (*) from ......
