sql-lover

Thanks for reply! In terms of query result of actual display, this is what I want -Show if they are different or not (top of the page) -Get all columns and display table A -Get all the columns and display table B This is how is right now ... -Get all columns and display table A -Get all the columns and display table B -Show if they are different or not (bottom of the page) My problem is, if I tried to show if they are different or not, it won't work, because that loop is using the variable I put to inside each table's loop.

Thanks. Since I posted this question I read additional material. Your comment makes sense.

[quote author=scootstah Not for SQL injection. Why, can you show (with my own code, of course)? not challenging your comment, but I want to fully understand your explanation.

Dummy question here, so please apologize my ignorance ... How many times I can invoke or call a query inside a PHP code if I'm using sqlsrv_fetch_array function? Here's the code (which works like a charm) <!DOCTYPE html> <html> <head> <title>Table Definition's Tool</title> <style type="text/css"> body { font-family: Arial, Verdana, sans-serif; color: #111111;} table { width: 600px;} th, td { padding: 7px 10px 10px 10px;} th { text-transform: uppercase; letter-spacing: 0.1em; font-size: 90%; border-bottom: 2px solid #111111; border-top: 1px solid #999; text-align: left;} tr.even { background-color: #efefef;} tr:hover { background-color: #c3e6e5;} .money { text-align: right;} </style> </head> <body> <?php //Variables $QueryResults1 = Array(); $QueryResults2 = Array(); $dbName=$_POST['dbName']; //Variable for the database name $PROinstance=$_POST['PRO']; //Variable for PRO SQL connection string $ITGinstance=$_POST['ITG']; //Variable for ITG SQL connection string $table=$_POST['table']; //Variable for the table $params = array($table); //Parameters for the T-SQL query, the table name here require 'ErrorHandling.php'; require 'ConnectionInfo.php'; ############################# ##Modify Date for PRO table## ############################# $mdateQuery="SELECT cast( cast (create_date as date) as date), cast( cast (modify_date as date) as date) FROM sys.tables WHERE name=?"; //The proper way is SELECT create_date, dateadd(dd,0, datediff(dd,0, modify_date)) FROM sys.tables WHERE name=?; $TableSchemaQuery = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE, NUMERIC_PRECISION, NUMERIC_SCALE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=?"; $mdatePROtable = sqlsrv_query($dbPRO, $mdateQuery, $params); if ($mdatePROtable === false) { exitWithSQLError('Wrong table name or table does not exist.'); } $mdateITGtable = sqlsrv_query($dbITG, $mdateQuery, $params); if ($mdateITGtable === false) { exitWithSQLError('Wrong table name or table does not exist.'); } ########################## ##Table Input Validation## ########################## //Main query to validate $validatingQuery ="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME =?"; $validatingPROtable = sqlsrv_query($dbPRO, $validatingQuery, $params); if ($validatingPROtable === false) { exitWithSQLError('Wrong table name or table does not exist.'); } $validatingITGtable = sqlsrv_query($dbITG, $validatingQuery, $params); if ($validatingITGtable === false) { exitWithSQLError('Wrong table name or table does not exist.'); } while ($row1 = sqlsrv_fetch_array($validatingPROtable,SQLSRV_FETCH_NUMERIC)) { $PROtableName=$row1[0]; } while ($row1 = sqlsrv_fetch_array($validatingITGtable,SQLSRV_FETCH_NUMERIC)) { $ITGtableName=$row1[0]; } if ( empty($PROtableName) && empty($ITGtableName) ) { echo "There is no table on PRO or ITG with that name. Please validate with your POR dba."; } elseif (empty($PROtableName)) { echo "There is a table on ITG with that name but not on PRO. Please validate with your POR dba."; } elseif (empty($ITGtableName)){ echo "There is a table on PRO with that name but not on ITG. Please validate with your POR dba."; } //If table's name exists on both, do schema comparison inside following "else" statement else { /* Set up the query for PRO's table. */ // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $TableSchemaQuery, $params); if ($qresult1 === false) { exitWithSQLError('Retrieving schema failed.'); } // Retrieve individual rows from PRO result echo "<h3>Table's structure for \"$table\" - PRO environment</h3>"; echo '<table>'; echo '<thead>'; echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th><th>NUMERIC PRECISION</th><th>NUMERIC SCALE</th></tr>'; echo '</thead>'; echo '<tbody>'; $i=1; while ($row1 = sqlsrv_fetch_array($qresult1,SQLSRV_FETCH_NUMERIC)) { $i++; $QueryResults1[$row1['0']] = $row1; $QueryResults1[$row1['1']] = $row1; $QueryResults1[$row1['2']] = $row1; $QueryResults1[$row1['3']] = $row1; $QueryResults1[$row1['4']] = $row1; $QueryResults1[$row1['5']] = $row1; $QueryResults1[$row1['6']] = $row1; $QueryResults1[$row1['7']] = $row1; if ($i % 2) { echo '<tr class="even">'; echo '<td>' . htmlspecialchars($row1['0']) . '</td>'; echo '<td>' . htmlspecialchars($row1['1']) . '</td>'; echo '<td>' . htmlspecialchars($row1['2']) . '</td>'; echo '<td>' . htmlspecialchars($row1['3']) . '</td>'; echo '<td>' . htmlspecialchars($row1['4']) . '</td>'; echo '<td>' . htmlspecialchars($row1['5']) . '</td>'; echo '<td>' . htmlspecialchars($row1['6']) . '</td>'; echo '<td>' . htmlspecialchars($row1['7']) . '</td>'; echo '</tr>'; } else { echo '<tr>'; echo '<td>' . htmlspecialchars($row1['0']) . '</td>'; echo '<td>' . htmlspecialchars($row1['1']) . '</td>'; echo '<td>' . htmlspecialchars($row1['2']) . '</td>'; echo '<td>' . htmlspecialchars($row1['3']) . '</td>'; echo '<td>' . htmlspecialchars($row1['4']) . '</td>'; echo '<td>' . htmlspecialchars($row1['5']) . '</td>'; echo '<td>' . htmlspecialchars($row1['6']) . '</td>'; echo '<td>' . htmlspecialchars($row1['7']) . '</td>'; echo '</tr>'; } } echo '</tbody>'; echo '</table>'; echo '<br>'; // null == no further rows, false == error if ($row1 === false) { exitWithSQLError('Retrieving schema failed.'); } while ( $row1 = sqlsrv_fetch( $mdatePROtable)) { echo "<p>Created on " .sqlsrv_get_field( $mdatePROtable, 0, SQLSRV_PHPTYPE_STRING( SQLSRV_ENC_CHAR))." and last time modified on ".sqlsrv_get_field( $mdatePROtable, 1, SQLSRV_PHPTYPE_STRING( SQLSRV_ENC_CHAR))."</p>"; } /* Set up the query for ITG's table. */ $qresult2 = sqlsrv_query($dbITG, $TableSchemaQuery, $params); if ($qresult2 === false) { exitWithSQLError('Query of product data failed.'); } // Retrieve individual rows from ITG result echo "<h3>Table's structure for \"$table\" - ITG environment</h3>"; echo '<table>'; echo '<thead>'; echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th><th>NUMERIC PRECISION</th><th>NUMERIC SCALE</th></tr>'; echo '</thead>'; echo '<tbody>'; $i=1; while ($row2 = sqlsrv_fetch_array($qresult2,SQLSRV_FETCH_NUMERIC)) { $i++; $QueryResults2[$row2['0']] = $row2; $QueryResults2[$row2['1']] = $row2; $QueryResults2[$row2['2']] = $row2; $QueryResults2[$row2['3']] = $row2; $QueryResults2[$row2['4']] = $row2; $QueryResults2[$row2['5']] = $row2; $QueryResults2[$row2['6']] = $row2; $QueryResults2[$row2['7']] = $row2; if ($i % 2) { echo '<tr class="even">'; echo '<td>' . htmlspecialchars($row2['0']) . '</td>'; echo '<td>' . htmlspecialchars($row2['1']) . '</td>'; echo '<td>' . htmlspecialchars($row2['2']) . '</td>'; echo '<td>' . htmlspecialchars($row2['3']) . '</td>'; echo '<td>' . htmlspecialchars($row2['4']) . '</td>'; echo '<td>' . htmlspecialchars($row2['5']) . '</td>'; echo '<td>' . htmlspecialchars($row2['6']) . '</td>'; echo '<td>' . htmlspecialchars($row2['7']) . '</td>'; echo '</tr>'; } else { echo '<tr>'; echo '<td>' . htmlspecialchars($row2['0']) . '</td>'; echo '<td>' . htmlspecialchars($row2['1']) . '</td>'; echo '<td>' . htmlspecialchars($row2['2']) . '</td>'; echo '<td>' . htmlspecialchars($row2['3']) . '</td>'; echo '<td>' . htmlspecialchars($row2['4']) . '</td>'; echo '<td>' . htmlspecialchars($row2['5']) . '</td>'; echo '<td>' . htmlspecialchars($row2['6']) . '</td>'; echo '<td>' . htmlspecialchars($row2['7']) . '</td>'; echo '</tr>'; } } echo '</tbody>'; echo '</table>'; echo '<br>'; while ( $row1 = sqlsrv_fetch( $mdateITGtable)) { echo "<p>Created on " .sqlsrv_get_field( $mdateITGtable, 0, SQLSRV_PHPTYPE_STRING( SQLSRV_ENC_CHAR))." and last time modified on ".sqlsrv_get_field( $mdateITGtable, 1, SQLSRV_PHPTYPE_STRING( SQLSRV_ENC_CHAR))."</p>"; } // null == no further rows, false == error if ($row2 === false) { exitWithSQLError('Retrieving schema failed.'); } //Comparing Arrays foreach ($QueryResults1 as $key => $value) { if ($QueryResults2[$key]!=$value) { echo '<p><span style="BACKGROUND-COLOR: #ffff00">The schemas are different!</span></p>'; break; } } $PROTableSize=sizeof($QueryResults1); $ITGTableSize=sizeof($QueryResults2); if ($PROTableSize==$ITGTableSize){ echo "<p>Schemas are identical!</p>\n"; } // Releasing resources and closing connections sqlsrv_free_stmt($qresult1); sqlsrv_free_stmt($qresult2); } // Releasing resources and closing connections sqlsrv_free_stmt($validatingITGtable); sqlsrv_free_stmt($validatingPROtable); sqlsrv_close($dbPRO); sqlsrv_close($dbITG); ?> </body> </html> Not the most elegante code, I'm still learning PHP, but this is what it does: - [*]Use a T-SQL query to get the table's schema of a given table [*]Run same query on two different MS-SQL instances [*]Display result for each one [*]Compare results to see if they match The problem I have (logic, not syntax) is that I want the comparison's result to be display 1st or way on the top. But if I do that, won't work, as I am capturing the result of each query or array on some variables, $QueryResults1 and $QueryResults2. If I try to run the while plus sqlsrv_fetch_array twice (1st to capture the results, 2nd to actually display) it gives me an error or does not display anything. How many times can I call sqlsrv_fetch_array inside a PHP code? Or, how can I compare both results so the echo statement can appear way on top? Hope I explain it correctly, thanks in advance

They are essentially the same. Your just passing the parameters and sql together in a call vs doing it separately by preparing the query first then binding parameters later. I guess that my question is still there :-) Do I have to sanitize the input? And if answer is Yes, which function or function will help me now than I'm using the Microsoft connector or driver.

"blonde moment" You're right. Prepared isn't the same as parameterized. But I would prefer not to redesign the whole code and change to prepared if using a parameter is still safe.

Thanks for reply. isn't prepare statement the same as parametrized queries? but anyway, my question is about above code. Do I have to sanitize after using a parameterized query?

Hi, I am using parameterized queries on my code, here's the relevant part $params=$_POST['ITGtable']; $tsql2 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=?"; /* Execute the statement with the specified parameter value. Display the returned data if no errors occur. */ $stmt2 = sqlsrv_query( $conn, $tsql2, $params); if( $stmt2 === false ) { echo "Statement 2 could not be executed.\n"; die( print_r(sqlsrv_errors(), true)); } else { $qty = sqlsrv_fetch_array( $stmt2); } Do I really have to sanitize $_POST['ITGtable'] for apostrophe, semicolon, etc, to avoid SQL injection problems? Or just with above code I should be safer (I did not say safe) against SQL injection? And if the answer is "No", what could be the sanitize code of function? I am using sqlsrv and MS-SQL database engine; most of the functions we have for sanitize inputs on MySQL are not available for MS-SQL. Thanks in advance,

1st, Thanks for the MOD which moved it to the right forum :-) Now, to dmikester1, appreciate your response. My CSS knowledge is very limited, but I used to code pure HTML back in 1994 (yeah, maybe I'm older than you, lol) so I can catch up concepts quickly. I'm actually a professional DBA. What I am trying to accomplish is make a clear distinction between the headers and the content. Also, I would like to experiment with some type of grid, like creating a table? So results can be easier to read. Not so sure how it will look like, that's why I want to play a little bit. But I don't know how to generate such grid. However, you gave me a basic idea of how change color for text and headers.

Hi, Need some advises or quick help with my query result layout (attached to this post) I'm currently using this code to organize and show my query's result echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th><th>NUMERIC PRECISION</th><th>NUMERIC SCALE</th></tr>'; // Retrieve individual rows from the result while ($row1 = sqlsrv_fetch_array($qresult1,SQLSRV_FETCH_NUMERIC)) { $QueryResults1[$row1['0']] = $row1; $QueryResults1[$row1['1']] = $row1; $QueryResults1[$row1['2']] = $row1; $QueryResults1[$row1['3']] = $row1; $QueryResults1[$row1['4']] = $row1; $QueryResults1[$row1['5']] = $row1; $QueryResults1[$row1['6']] = $row1; $QueryResults1[$row1['7']] = $row1; echo '<tr><td>', htmlspecialchars($row1['0']), '</td><td>', htmlspecialchars($row1['1']), '</td><td>', htmlspecialchars($row1['2']), '</td><td>', htmlspecialchars($row1['3']), '</td><td>', htmlspecialchars($row1['4']), '</td><td>', htmlspecialchars($row1['5']), '</td><td>', htmlspecialchars($row1['6']), '</td><td>', htmlspecialchars($row1['7']), "</td></tr>\n"; } and echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th><th>NUMERIC PRECISION</th><th>NUMERIC SCALE</th></tr>'; // Retrieve individual rows from the result while ($row2 = sqlsrv_fetch_array($qresult2,SQLSRV_FETCH_NUMERIC)) { $QueryResults2[$row2['0']] = $row2; $QueryResults2[$row2['1']] = $row2; $QueryResults2[$row2['2']] = $row2; $QueryResults2[$row2['3']] = $row2; $QueryResults2[$row2['4']] = $row2; $QueryResults2[$row2['5']] = $row2; $QueryResults2[$row2['6']] = $row2; $QueryResults2[$row2['7']] = $row2; echo '<tr><td>', htmlspecialchars($row2['0']), '</td><td>', htmlspecialchars($row2['1']), '</td><td>', htmlspecialchars($row2['2']), '</td><td>', htmlspecialchars($row2['3']), '</td><td>', htmlspecialchars($row2['4']), '</td><td>', htmlspecialchars($row2['5']), '</td><td>', htmlspecialchars($row2['6']), '</td><td>', htmlspecialchars($row2['7']), "</td></tr>\n"; } Of course, that's the relevant part of the code. The query and connection not included. I would like to maybe use css, better fonts or even color. It actually looks boring and ugly. What markup code should I use or how can I modify that part of the code so I can get a more professional or easy to read display?

digibucc Thank you so much, appreciate the quick reply!

Hi, While trying to create my own script that allows you to compare two different files , found this amazing algorithm from Paul Butler function diff($oldhistory, $newhistory){ foreach($oldhistory as $oindex => $ovalue){ $nkeys = array_keys($newhistory, $ovalue); foreach($nkeys as $nindex){ $matrix[$oindex][$nindex] = isset($matrix[$oindex - 1][$nindex - 1]) ? $matrix[$oindex - 1][$nindex - 1] + 1 : 1; if($matrix[$oindex][$nindex] > $maxlen){ $maxlen = $matrix[$oindex][$nindex]; $omax = $oindex + 1 - $maxlen; $nmax = $nindex + 1 - $maxlen; } } } if($maxlen == 0) return array(array('d'=>$oldhistory, 'i'=>$newhistory)); return array_merge( diff(array_slice($oldhistory, 0, $omax), array_slice($newhistory, 0, $nmax)), array_slice($newhistory, $nmax, $maxlen), diff(array_slice($oldhistory, $omax + $maxlen), array_slice($newhistory, $nmax + $maxlen))); } function htmlDiff($oldhistory, $newhistory){ $diff = diff(explode(' ', $oldhistory), explode(' ', $newhistory)); foreach($diff as $k){ if(is_array($k)) $ret .= (!empty($k['d'])?"<del>".implode(' ',$k['d'])."</del> ":''). (!empty($k['i'])?"<ins>".implode(' ',$k['i'])."</ins> ":''); else $ret .= $k . ' '; } return $ret; } This is embarrassing, but how can I test this with two text variables? Where should I wrote the echo line to display some output? I'm new to PHP. Also, my own and extremely simplify idea is using strtoupper and md5 for comparing two texts. Is that a good logic? The main goal of my program is able to compare two MS-SQL store procedures from two different servers and tell if they both are the same of different versions. Thanks in advance,

Ohh, thats not a problem :-) ... I can post the whole code again. I'm right now focus on the input validation and security part.

Thanks, fixed .... this way ... $params = array($table); Very silly mistake, but thanks again for pointing that out!

Trying to make my code more secure. This is what I currently have, which is not secure by any means: $query1 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table'"; // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $query1); if ($qresult1 === false) { exitWithSQLError('Retrieving schema failed.'); } This is how I changed it, $query1 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=?"; $params = array(1, $table); // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $query1, $params); if ($qresult1 === false) { exitWithSQLError('Retrieving schema failed.'); } but I'm getting this error: SQL-Status: 22018 Code: 245 Message: [Microsoft][sql Server Native Client 10.0][sql Server]Conversion failed when converting the nvarchar value 'sysrscols' to data type int Please notice I am using sqlsrv_query function because my database engine is MS-SQL 2008. That's why I'm a bit confused. Most documentation online is pointed to MySQL. exitWithSQLError is a customized function of mine, so please ignore. Any help or hints is appreciated, Thanks,

it is isn't it! I scan spend hours looking at code i know is right, and then a cursory glance the next day shows me a hundred problems i missed. . That's so true!

Hi Doug, Couple of questions or comments... 1st, why you are not using the MS-SQL driver for PHP? I can't see any sqlsrv_connect function there. My advice, try a simple PHP code to open a connection locally. Then change the server name and do the same but this time connecting remotely. It should work. If not, check your firewall, DNS settings or even if you are able to ping the remote server using its name.

Found a way to do it ;-) ... solution posted on PHP coding forum ...

FormatErrors was a function, wrote on a separate file missing here. In other words, you were right. And because the file was missing, I was getting that silly error! Thanks for pointing that out!

I got it!!!! Finally ... here's the final code (the comparison part). More refined and simple ... //Comparing Arrays foreach ($Server1 as $key => $value) { if ($Server2[$key]!=$value) { echo "Warning! Schemas are different!<br /><br />\n"; break; } } $PROTableSize=sizeof($Server1); $ITGTableSize=sizeof($Server2); if ($PROTableSize==$ITGTableSize){ echo "Schemas are identical!<br /><br />\n"; } Tested when: [*]1st table has more rows: Schemas are not the same [*]2nd table has more rows: Schemas are not the same [*]Both tables have same size and content is the same: Schemas are identical [*]Both tables have same size and content is NOT the same: Schemas are not the same Thanks a lot for the tips and advises!

Almost ... I'm almost there .. ... just need a final help, please... So I run three test cases, as follow [*]Result sets have same size (rows and columns [*]1st result's set has more columns [*]2nd result's set has more columns Test #1 passed: PHP code says they are identical. Test #2 failed :-( , it says they are identical, when they are not (1st set has more columns) Test #3 passed: PHP code says the schemas are differen. Here's my revised code, for the comparison part only //Compare foreach ($Server1 as $key => $fields) { foreach ($fields as $field => $value) { if (isset($Server2[$key][$field])) { if ($Server2[$key][$field] != $value) { } else { //Matched } } else { } unset($Server2[$key][$field]); } if(!empty($Server2[$key])){ echo "Warning! Schemas are different!<br /><br />\n"; break 2; // Exit to outer foreach and stops comparing foreach($Server2[$key] as $K=>$V){ } } unset($Server2[$key]); } if(!empty($Server2)){ echo "Warning! Schemas are different!<br /><br />\n"; foreach($Server2 as $K=>$V){ } } else{ echo "Schemas are identical!<br /><br />\n"; } I added a "break". Why is not detecting #2, because the location of final "else" maybe? ...

Thanks for reply. I will check at home, but I'm almost sure the code there works! and uses that function.

Hi Andy, I'm using MSSQL2008 ... ... not MySQL

You did an awesome job ... ... even if it was free hand, I got no error when I just pasted it, amazing. But remember, I'm new to PHP, hence the reason for my questions. I may post a screenshot of the result set as I don't understand why one table my have more columns than the other one, I'm a bit confused. One may have more rows, but no more columns. The query is against metadata inside MSSQL server.

Ok, I managed to install PHP and Apache on a virtual machine at home (host runs Windows 2008 Server). I'm half way testing there but I need to start working on my work's laptop now (for presentation, official stuff, etc) So I installed XAMPP. I downloaded the MS-SQL drivers from this URL: http://msdn.microsoft.com/library/cc296170.aspx I edited PHP ini adding this line: extension=php_sqlsrv_53_ts_vc9.dll And also dropped the php_sqlsrv_53_ts_vc9.dll file into the "ext" folder that goes under xampp I restarted Apache and I can see PHP shows the sqlsrv drivers section, so should work ok, but I can't connect to MS-SQL. I can't even run a simple PHP script like this: <?php $serverName = "servername"; $connectionOptions = array("Database"=>"AdventureWorks"); $conn = sqlsrv_connect( $serverName, $connectionOptions); if( $conn === false ) die( FormatErrors( sqlsrv_errors() ) ); ?> It fails miserably with following error: Fatal error: Call to undefined function FormatErrors() in C:\xampp\htdocs\project\connectivity.php on line 6 Am I missing something? By the way, my work's laptop runs Windows Vista. Not sure if that can be a problem. I am running most recent SQL client drivers I think.