We re returning a resultset from a sql query in form of JsonArray
SQLConnection connection = conn.result();
connection.query(prepareQuery(filters.getString("limit"), filters.getString("since"), filters.getString("end"), filters.getString("filter")), res -> {
...
handler.handle(Future.succeededFuture(arrayJs));
connection.close();
}); ..
But we need to implement pagination in this now.
What is the best way to go with this in Vertx?
Vert.x does not handle pagination: you must handle it in your SQL queries.
There are examples on Stackoverflow for pagination with Oracle, SQLServer, MySQL, Postgres... etc.
Related
I'm working with the Datastax Node.js driver and I can't figure out when to use a mapper vs. query. Both seem to be able to perform the same CRUD operations.
With a query:
const q = SELECT * FROM mykeyspace.mytable WHERE id='12345';
client.execute(q).then(result => console.log('This is the data', result);
With mapper:
const tableRow = await tableMapper.find({ id: '12345' });
When should I use the mapper over a query and vice versa?
Mapper is a feature from cassandra-driver released in 2018. Using mapper, cassandra-driver can make a map from your cassandra table to an object in nodejs and you can handle in your nodejs application like a set of document.
Using mapper you can make selects or inserts in your database like said in this article:
https://www.datastax.com/blog/2018/12/introducing-datastax-nodejs-mapper-apache-cassandra
With query method, if you need to use or reuse any property from your json you will need to make a Json.Parse().
The short answer is: whatever you find more comfortable.
The Mapper lets you deal with database data as documents (JavaScript objects), builds the CQL query for you, executes the query and maps the results.
On the other hand, the core driver only supports executing CQL queries that you have to write yourself.
I want to execute some query in Views/login.php
I have created database connection in Controller, but i need to execute some sort of queries in Views.
Not able to access it by $this->db->query("") in views, What is the good solution?
Note as DFriend mentionned in the comment of this question, this is a bad practice in an MVC pattern. Queries should always be runned in Models that passed data to the Controller which displays those data in Views.
However if you really want to execute a query into one view you have to initiate your database object before running queries.
$this->db does not exist in your case because your view does not extend a class that has a parameter callled $db
<?php
$db = db_connect();
$query = $db->query('YOUR QUERY');
//you get result as an array in here but fetch your result however you feel to
$result = $query->getResultArray();
?>
Here you create a database connection, then you run your query with the db object your created.
You can use the query builder from within a view or any other function by first creating an instance of the database connection by loading the class first $this->load->database() which will give you access to build your queries using the database object as $this->db->query("YOUR RAW QUERY"). Therefore you might do something like
<?php $this->load->database();
$q = $this->db->query("SELECT * FROM users");
$r = $q->result(); // returns an object by default
?>
Note: it is not good practice to execute outside your models so only do if you must.
I am using node-postgres for a production application and I am wondering if there is anything I should be concerned about? Is the data sanitized automatically by node-postgres?
I couldn't find anything about it on the github page: https://github.com/brianc/node-postgres
Absolutely! The parameterized query support in node-postgres is first class. All escaping is done by the postgresql server ensuring proper behavior across dialects, encodings, etc... For example, this will not inject sql:
client.query("INSERT INTO user(name) VALUES($1)", ["'; DROP TABLE user;"], function (err, result) {
// ...
});
This is from their documentation.
It basically depends on how you execute your queries as #vitaly-t described
Suppose you will define query in a string and execute as follows:
var query = `SELECT * FROM table where username='${username}' and password='${password}`;
pool.query(query, (error, results) => {
});
This case if i would pass username=' 'or 1=1; -- and password=' 'or 1=1; --
Then it will return all records from the table (means SQL injection works)
But if I would execute the following query
pool.query('SELECT * FROM table where username=$1 and password=$2', [username, password], (error, results) => {
});
Then SQL injection will never work because pg will sanitize the data.
So it's depends on how you execute the queries.
It depends on how you execute your queries:
Formatting via Prepared Statements is executed by the server, which in turn sanitizes your query from any SQL injection. But it has other restrictions, like you cannot execute more than one query at a time, and you cannot provide sanitizied entity names when needed.
Client-side query formatting, like the one implemented by pg-promise, sanitizes values, plus offers flexibility in formatting entity names and multiple queries.
I am creating an expressjs api and using mongodb. I have a decent understanding of indexes and I understand that they are expensive to create when there is data in the database.
In MS Sql Server you would create indexes when creating your database tables. My question is do I handle this creation of indexes in a post call in my express app or do I achieve this using scripts when deploymening my application?
For example I need Geospatial indexing.
Would index creation be handled in the express app like this?
//express post call
let col = db.collection( 'collection' );
col.createIndex( // someIndex );
col.insertOne( //Some document );
I am looking for the best method to creating the 'initial' state of my mongodb and specifically creating indexes I will need for certain collections before these collections contain any documents.
So, It may happen, You have a lot of data in your database while deployment and you do not want your Indexing terrible. Here's what MongoDB can Help. You can do indexing in Background which will not prevent all read and write operations to the database while the index builds.A simple Command:
db.collection.createIndex( { a: 1 }, { background: true } )
Check the Manual For details.
https://docs.mongodb.org/manual/tutorial/build-indexes-in-the-background/
I am using Linq to NHibernate.
I have a following test case :
[TestMethod]
[DeploymentItem("hibernate.cfg.xml")]
public void Category_Should_GetAllByLinq()
{
// Arrange
IRepository<Category> repo = new CategoryRepository();
//Act
IList<Category> list = repo.GetListByLinq();
//Assert
Assert.IsTrue(list.Count > 0);
}
and also I have following code in CategoryRepository class :
public IList<Category> GetListByLinq()
{
ISession session = NHibernateHelper.OpenSession();
// When following statement is executed, How to check converted real sql query?
var query = from c in session.Linq<Category>()
select c;
return query.ToList();
}
My question is that once linq to nhibernate statement is executed, How to check real converted sql query? any method?
I know I can use SQL profiler, However I'd like to use Mock object in test case so I don't want see it in any Database related method.
You can use the NHibernate Profiler to do so, see this post for details on how to setup programmatic integration:
http://ayende.com/Blog/archive/2009/12/13/uumlberprof-new-feature-programmatic-integration.aspx
Another option, slightly more complicated, is to listen to the NHibernate.SQL logger and process its results. It gives you the information, but you would need a bit of parsing and it won't give you the sessions information
Good question.
I think the best way to assert the SQL generated would be to use IInterceptor and hook into OnPrepareStatement.
Or if it is ok for you to just see the SQL statements in the Output window during debugging you can just enable show_sql option.
Have you tried NHiberate Profiler? It should be what you are looking for.