I need to be able to execute an update SQL script, but it isn't working
Here is a link to the site that I used for reference:
https://groovyinsoapui.wordpress.com/tag/sql-eachrow-groovy-soapui/
Here is the format of the code that I ended up writing (due to the nature of the work I am doing, I am unable to provide the exact script that I wrote)
import groovy.sql.Sql
def groovyUtils = new com.eviware.soapui.support.GroovyUtils(context)
groovyUtils.registerJdbcDriver("com.microsoft.sqlserver.jdbc.SQLServerDriver")
def connectString = "jdbc:microsoft:sqlserver://:;databaseName=?user=&password="
sql = Sql.newInstance(connectString) // TEST YOUR CONNECT STRING IN A SQL BROWSER
sql.executeUpdate("UPDATE TABLE SET COLUMN_1 = 'VALUE_1' WHERE COLUMN_2 = 'VALUE_2'")
The response that I am getting is:
Script-result: 0
I also tried to use:
sql.execute("UPDATE TABLE SET COLUMN_1 = 'VALUE_1' WHERE COLUMN_2 = 'VALUE_2'")
Which returns the following response:
Script-result: false
From what you say it seems that no row has COLUMN_2 = 'VALUE_2', so then number of updated rows is 0.
I would first check that statement on Management Studio just to make sure.
Related
I'm using flask-sqlalchemy to update mssql record, but it returns -1.
Library versions:
SQLAlchemy 1.3.11
Flask-SQLAlchemy 2.4.1
pyodbc 4.0.27
flask 1.1.1
Code part 1:
ret = db.session.query(XXX).filter_by(id=1).update({"xxx": "xxxx"})
print("ret", ret)
db.session.commit()
The ret is -1, but the record has been modified .
Code part 2:
obj = XXX.query.filter_by(id=q).first()
obj .xx = "xxx"
db.session.commit()
Raise error:
sqlalchemy.orm.exc.StaleDataError: UPDATE statement on table 'XXX' expected to update 1 row(s); -1 were matched.
And the modify did not successed.
According to SQLAlchemy documentation, there's currently a limitation with some versions of SQL Server drivers not returning the number of records for UPDATE and DELETE statements. I'm currently faced with the issue on Linux, but it's working fine on Windows.
Here's also a related SQL Alchemy issue
I used the column as a version indicator (the documentation recommended creating a SQLServer ROWVERSION however, SQLAlchemy/PyODBC, again on Linux, was not able to assign proper FetchedValues() from the database as bytes into the fields. I also tried using a DateTime2 field - however again for SQLAlchemy accuracy when mapping the field to Python (7 precision)
I ended up implementing the following change:
Since I had the ID column already assigned by the database (IDENTITY), I used that field as the version indicator.
__mapper_args__ = {
'version_id_col': id_column,
'version_id_generator': False,
}
The SQLAlchemy update statements now looks like:
UPDATE <TABLE> SET <column>=? OUTPUT inserted.<ID-COLUMN> WHERE <TABLE>.<ID-COLUMNS> <ID-COLUMN> = ? AND <TABLE>.<ID-COLUMN> = ?
[('updated data', 123456, 123456)]
I have created a Python function which creates multiple query statements.
Once it creates the SQL statement, it executes it (one at a time).
Is there anyway to way to bulk run all the statements at once (assuming I was able to create all the SQL statements and wanted to execute them once all the statements were generated)? I know there is an execute_stream in the Python Connector, but I think this requires a file to be created first. It also appears to me that it runs a single query statement at a time."
Since this question is missing an example of the file, here is a file content that I have provided as extra that we can work from.
//connection test file for python multiple queries
import snowflake.connector
conn = snowflake.connector.connect(
user = 'xxx',
password = '',
account = 'xxx',
warehouse= 'xxx',
database= 'TEST_xxx'
session_parameters = {
'QUERY_TAG: 'Rachel_test',
}
}
while(conn== true){
print(conn.sfqid)import snowflake.connector
try:
conn.cursor().execute("CREATE WAREHOUSE IF NOT EXISTS tiny_warehouse_mg")
conn.cursor().execute("CREATE DATABASE IF NOT EXISTS testdb_mg")
conn.cursor().execute("USE DATABASE testdb_mg")
conn.cursor().execute(
"CREATE OR REPLACE TABLE "
"test_table(col1 integer, col2 string)")
conn.cursor().execute(
"INSERT INTO test_table(col1, col2) VALUES " +
" (123, 'test string1'), " +
" (456, 'test string2')")
break
except Exception as e:
conn.rollback()
raise e
}
conn.close()
The reference to this question refers to a method that can be done with the file call, the example in documentation is as follows:
from codecs import open
with open(sqlfile, 'r', encoding='utf-8') as f:
for cur in con.execute_stream(f):
for ret in cur:
print(ret)
Reference to guide I used
Now when I ran these, they were not perfect, but in practice I was able to execute multiple sql statements in one connection, but not many at once. Each statement had their own query id. Is it possible to have a .sql file associated with one query id?
Is it possible to have a .sql file associated with one query id?
You can achieve that effect with the QUERY_TAG session parameter. Set the QUERY_TAG to the name of your .SQL file before executing it's queries. Access the .SQL file QUERY_IDs later using the QUERY_TAG field in QUERY_HISTORY().
I believe though you generated the .sql while executing in snowflake each statement will have unique query id.
If you want to run one sql independent to other you may try with multiprocessing/multi threading concept in python.
The Python and Node.Js libraries do not allow multiple statement executions.
I'm not sure about Python but for Node.JS there is this library that extends the original one and add a method call "ExecutionAll" to it:
snowflake-multisql
You just need to wrap multiple statements with the BEGIN and END.
BEGIN
<statement_1>;
<statement_2>;
END;
With these operators, I was able to execute multiple statement in nodejs
In sqlserver I have a function which generates a complex xml of all products with several tables joined: location, suppliers, orders etc.
No problem in that, it runs in 68 sec and produces around 450MB.
It should only be called occationally during migration to another server, so it doesn't matter it takes some time.
I want to make this available for download over webserver.
I've tried some variations of this in classic asp:
Response.Buffer = false
set rs=conn.execute("select cast(dbo.exportXML() as varchar(max)) as res")
response.write rs("res")
But I just get a standard
An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator please click here to find out more about this error.
Not my usual custom 500-errorhandler, so I'm not sure how to find the error.
The problem is in response.write rs("res"), if i just do
temp = rs("res")
the script runs, but displays nothing of cause; if I then
response.write temp
I get the same failure.
So the problem is writing such a ling string.
Can I save the file from tsql directly; and run the job periodically from sql agent?
I found that there seems to be a limit on how much data can be written at once using Response.Write. The workaround I used was to break the data into chunks like this:
Dim Data, Done
Done = False
Do While Not Done
Data = RecordSet(0).GetChunk(8192)
If Not Len(Data) = 0 Then
Response.Write Data
Else
Done = True
End If
Loop
Try this:
Response.ContentType = "text/xml"
rs.CursorLocation = 3
rs.Open "select cast(dbo.exportXML() as varchar(max)) as res",conn
'Persist the Recordset in XML format to the ASP Response object.
'The constant value for adPersistXML is 1.
rs.Save Response, 1
I have website as Classic ASP as Front end and SQL Server 2005 as Back end.
But I am facing a very strange SQL injection on my back end.
Some type of CSS with HTML with spamming site is appending their code to my website database with each table and with each varchar type columns.
For e.g.
</title><style>.am1y{position:absolute;clip:rect(405px,auto,auto,405px);}</style><div class=am1y>same day <a href=http://mazzpaydayloans.com >payday loans</a></div>
I Checked My IIS Log It shows me like this
2013-06-09 19:15:54 GET
/mypage.asp%3C/title%3E%3Cstyle%3E.axo5{position:absolute;clip:rect(404px,auto,auto,404px);}%3C/style%3E%3Cdiv%20class=axo5%3Eapproval%20%3Ca%20href=http:/mazzpaydayloans.com%20%3Epayday%20loans%3C/a%3E%3C/div%3E
- - 204.13.205.99 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
loginfailure=chance=0&bantime=;+ASPSESSIONIDSSDRRCQQ=EDPHPJGCGLMKOADICKHODKBM
- www.mysite.com 404 0 281 543 78
On my this selected ASP Page all SQL queries are parametrized.
But still this issue is persists.
MyPage.asp Code
new_prot = "http"
new_https = lcase(request.ServerVariables("HTTPS"))
if new_https <> "off" then new_prot = "https"
new_domainname = Request.ServerVariables("SERVER_NAME")
new_filename = Request.ServerVariables("SCRIPT_NAME")
set cm1 = Server.CreateObject("ADODB.Command")
cm1.ActiveConnection = conn
cm1.commandtype=1
cm1.CommandText ="select * from Table1 where Web=?"
cm1.prepared=true
dim weburl
set weburl=cm1.createparameter(Web_URL,200,,5000)
weburl.value= Server.HtmlEncode(ltrim(rtrim(new_filename)))
cm1.parameters.append weburl
set Mobile = cm1.execute(RecordsAffected,,adCmdText)
do until Mobile.EOF
response.redirect(Mobile.fields("mob"))
loop
First, your query may be parameterised, but you need to impliment a stored procedure, not a straight SQL command.
set cm1 = Server.CreateObject("ADODB.Command")
cm1.ActiveConnection = conn
cm1.commandtype=1
cm1.CommandText ="select * from Table1 where Web=?"
command text is a no no
you need to impliment a stored procedure:
CREATE ProcTable
#ParamWeb INT
as
SELECT * FROM Table WHERE PAgeID = #ParamWeb
Then Exec the proc. This prevents injection because the page can ONLY accept the numeric value of the proc, and that will only return the revelant dataset (empty or with rows)
Your command text can have
"; any injection script you want"
appended
any injection script can contain sqlcmdShell so once the injection has been made the bad guys can return a list of tables, their content, users, user data etc etc
I'm trying to run the following UPDATE query from a python script (note I've removed the database info):
print 'Connecting to db for update query...'
db = pyodbc.connect('DRIVER={FreeTDS};SERVER=<removed>;DATABASE=<removed>;UID=<removed>;PWD=<removed>')
cursor = db.cursor()
print ' Executing SQL queries...'
for i in range(len(data)):
sql = '''
UPDATE product.sanction
SET action_summary = '{action_summary}'
WHERE sanction_id = {sanction_id};
'''.format(sanction_id=data[i][0], action_summary=data[i][1])
cursor.execute(sql)
cursor.close()
db.commit()
db.close()
However, it hangs indefinitely, no error.
I'm new to pyodbc, but it should be setup correctly considering I'm having no problems performing SELECT queries. I did have to call CAST for SELECT queries (I've cast sanction_id AS INT [int identity on the database] and action_summary AS TEXT [nvarchar on the database]) to properly populate data, so perhaps the problem lies somewhere there, but I don't know where to start debugging. Converting the text to NVARCHAR didn't do anything either.
Here's an example of one of the rows in data:
(2861357, 'Exclusion Program: NonProcurement; Excluding Agency: HHS; CT Code: Z; Exclusion Type: Prohibition/Restriction; SAM Number: S4MR3Q9FL;')
I was unable to find my issue, but I ended up using QuerySets rather than running an UPDATE query.