We have realize problem of unicode text normalization and have implement tools into 4.9.1 to work with normalization issue. Detailed description of this issue is given on the following wiki page.
Category: Valentina SQL
[TIP] Protection from SQL Injection Attack.
This tip is expired by article two-steps-forward-to-more-secure-applications. The First part of the article discusses SQL Injection Attack and how to develop code protected from it.
After read of the article you will know that to easy way for protection – is usage of SQL binding. Wow? One more reason to ALWAYS use SQL binding! Other well known reason are
- reduces CPU time as for client so for server, because no string concatenations on the client side, and less job for parser on the server side.
- enables usage of Query Pool, because SQL command is the same byte to byte.
V4NET and SQL-Binding of Pictures.
Starting from 4.8 build you may pass pictures as a binded value to the queries using V4NET ADK.
New LogFilesLocation property
There is a new property – LogFilesLocation for both server and local.
It defines a folder where the logs should be placed in.
Default folder is “./vlogs”
Altering ObjectPtr
ObjectPtr field contains RecID values of some “target” table. If you need to change ObjectPtr in order to point another table those values are not valid anymore – so default behavior is to nullify them. But sometime it looks to be too strong. For instance – changing field or link name or on-delete policy should not cause such data zeroing.
There are two ways to keep existed values altering ObjectPtr:
- There is a global property – OnChangeTypeZeroPtr. It is set to true by default. But you may change it with following statement – “SET PROPERTY OnChangeTypeZeroPtr TO false”. After this altering ObjectPtr will prevent zeroing data (sure it will be nulls for records which are absent in the new target table). This property is not “schema-storable” – so you should set it up on each run if you need it.
- The first approach is a global setting – so you will be able to keep some ObjectPtr values even changing “target” table. So we implement one more way – much more simple because the only thing you should keep in your mind is – the values will be preserved until you touch “target table” ObjectPtr property (because all values will be valid for the same target anyway).
NEW Function Added: hash MD5()
Ivan have implement today MD5() function, which can be used in EXPRESSION of Valentina SQL.
Bart have asked this function to be able produce UNIQUE INDEX for strings/texts bigger of 128 chars. This limit comes from fact that indexes of Valentina use pascal-like storage format for strings, e.g. 256 bytes maximum, 128 for UTF16.
SHOW PROCEDURES Extended.
We have extend syntax of SHOW PROCEDURES to SHOW PROCEDURES [ALL].
[NEW] REGEX_REPLACE() function.
In 4.5.1 release we have add a new REGEX_REPLACE() function to Valentina Expresions, which can be used in Table Methods, SQL and therefore, in Reports.
Up to now, we was able to do searches with the help of REGEX operator:
… WHERE fld REGEX ‘ab.[cdf]*’
New function brings the awesome power of REGEX to manipulate by strings stored in the database! Now we can not only search using REGEX, but modify strings! You can do that in the
- SELECT EXPR, …
- UPDATE TABLE T SET fld = EXPR
where EXPR is REGEX_REPLACE() function or contains it as a part.
Read details about this function here.
Internal optimization for views and sub-queries.
In some cases we can avoid copying sub-query result to the temporary table. We can even use sub-query cursor “as is” – so it could be used as a result of the whole query. In other words there is almost zero overhead against a simple query.
For now such optimization can be applied if a query:
- contains only “*” item in the select list clause
- has no “where” clause
- has no “group by” clause
- has no “having” clause
- has no “distinct” clause
- is not a part of some join operation
- has no “order by” clause
- has no binding values
- sub-query is not a “union/except/intersect” result
Examples:
SELECT * FROM (SELECT * FROM t1 WHERE f1 > 5);
SELECT * FROM (SELECT t1.f1, t2 f1 FROM t1 JOIN t2 ON l1 WHERE t1.f1 > 5 AND t2.f1 <3);
[NEW] Temporary VIEW and IF NOT EXISTS clause.
We have add for VIEWs ability to be temporary, like we allow for Tables, Fields, Links. Temporary objects are not stored in the schema (.vdb file).
Also we have add for consistency IF NOT EXISTS clause to CREATE VIEW command.
Default parameters for Stored Procedures.
We have add into v4.3 support of default parameters for stored procedures.
CREATE PROCEDURE( IN param INT = 2 ) …
‘OR REPLACE’ Warning. ALTER VIEW Added.
Most Valentina SQL commands of kind CREATE SOMETHING have clause ‘OR REPLACE’. You should understand that this clause forces DROP of existed object before new will be created. This means that all its sub-objects also will be deleted. To avoid this use ALTER command.
For 4.3 we have add ALTER VIEW command.
Valentina SQL get powerful FORMAT() function.
Ivan have add into Valentina engine new very powerful FORMAT() function for SQL.
It provides great ability to convert numbers and date/times into string format.
Please read detailed syntax in the Valentina WIKI:
http://valentina-db.com/dokuwiki/doku.php?id=valentina:vcomponents:vsql:reference:expr:funcs_string#format
The same algorithms will be added in nearest time to Valentina Reports.
Improvements for stored procedures and binded queries
It was a huge improvement to solve the problem with a “second run” in stored procedures and binded queries. Sometimes there was an incorrect behavior because of “over-prepared” nodes. There was a workaround with “EXECUTE” statement (which is actually developed to prepare any SQL statement and execute one from another SQL statement). So now this workaround could be omitted.
“LIMIT N” now can be used in additional places.
Was found a problem that in a stored procedure the assignment statement do not accept SELECT with LIMIT. This problem is fixed now. So you can have
procname
BEGIN
var = SELECT f1 FROM T WHERE … LIMIT 1
END