0% found this document useful (0 votes)

275 views

SQL Queries

The SQL INNER JOIN keyword selects rows from two tables where the joined columns match. It returns all rows from both tables that have matching values in the specified columns. The INNER JOIN syntax includes the table names, joined columns, and optionally an ORDER BY clause. An example joins the Customers and Orders tables to return customer names and order IDs matching on the CustomerID column.

Uploaded by

Khalid Aziz

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

275 views

SQL Queries

Uploaded by

Khalid Aziz

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 82

SQL INNER JOIN Keyword

The INNER JOIN keyword selects all rows from both tables as long as there is a match between the columns in both tables.

SQL INNER JOIN Syntax

SELECT column_name(s) FROM table1 INNER JOIN table2 ON table1.column_name=table2.column_name; or: SELECT column_name(s) FROM table1 JOIN table2 ON table1.column_name=table2.column_name; PS! INNER JOIN is the same as JOIN.

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table: CustomerID CustomerName ContactName Address City PostalCode Country Alfreds 1 Maria Anders Obere Str. 57 Berlin 12209 Germany Futterkiste Avda. de la Ana Trujillo Mxico 2 Emparedados y Ana Trujillo Constitucin 05021 Mexico D.F. helados 2222

Antonio Moreno Antonio Moreno Taquera

Mataderos 2312

Mxico 05023 D.F.

Mexico

And a selection from the "Orders" table: OrderID CustomerID 10308 2 10309 37 10310 77 EmployeeID 7 3 8 OrderDate 1996-09-18 1996-09-19 1996-09-20 ShipperID 3 1 2

SQL INNER JOIN Example

The following SQL statement will return all customers with orders:

Example
SELECT Customers.CustomerName, Orders.OrderID FROM Customers INNER JOIN Orders ON Customers.CustomerID=Orders.CustomerID ORDER BY Customers.CustomerName; Try it yourself Note: The INNER JOIN keyword selects all rows from both tables as long as there is a match between the columns. If there are rows in the "Customers" table that do not have matches in "Orders", these customers will NOT be listed.

SQL LEFT JOIN Keyword

The LEFT JOIN keyword returns all rows from the left table (table1), with the matching rows in the right table (table2). The result is NULL in the right side when there is no match.

SQL LEFT JOIN Syntax

SELECT column_name(s) FROM table1 LEFT JOIN table2 ON table1.column_name=table2.column_name; or: SELECT column_name(s) FROM table1 LEFT OUTER JOIN table2 ON table1.column_name=table2.column_name; PS! In some databases LEFT JOIN is called LEFT OUTER JOIN.

Antonio Moreno Antonio Moreno Taquera

Mataderos 2312

Mxico 05023 D.F.

Mexico

And a selection from the "Orders" table: OrderID CustomerID 10308 2 10309 37 10310 77 EmployeeID 7 3 8 OrderDate 1996-09-18 1996-09-19 1996-09-20 ShipperID 3 1 2

SQL LEFT JOIN Example

The following SQL statement will return all customers, and any orders they might have:

Example
SELECT Customers.CustomerName, Orders.OrderID FROM Customers LEFT JOIN Orders ON Customers.CustomerID=Orders.CustomerID ORDER BY Customers.CustomerName; Try it yourself Note: The LEFT JOIN keyword returns all the rows from the left table (Customers), even if there are no matches in the right table (Orders).

SQL RIGHT JOIN Keyword

Previous Next Chapter

SQL RIGHT JOIN Keyword

The RIGHT JOIN keyword returns all rows from the right table (table2), with the matching rows in the left table (table1). The result is NULL in the left side when there is no match.

SQL RIGHT JOIN Syntax

SELECT column_name(s) FROM table1 RIGHT JOIN table2 ON table1.column_name=table2.column_name; or: SELECT column_name(s) FROM table1 RIGHT OUTER JOIN table2 ON table1.column_name=table2.column_name; PS! In some databases RIGHT JOIN is called RIGHT OUTER JOIN.

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Orders" table:

OrderID CustomerID 10308 2 10309 37 10310 77

EmployeeID 7 3 8

OrderDate 1996-09-18 1996-09-19 1996-09-20

ShipperID 3 1 2

And a selection from the "Employees" table: EmployeeID LastName FirstName BirthDate 1 2 3 Davolio Fuller Nancy Andrew Notes Education includes a BA in 12/8/1968 EmpID1.pic psychology..... Andrew received his BTS 2/19/1952 EmpID2.pic commercial and.... Janet has a BS degree in 8/30/1963 EmpID3.pic chemistry.... Photo

Leverling Janet

SQL RIGHT JOIN Example

The following SQL statement will return all employees, and any orders they have placed:

Example
SELECT Orders.OrderID, Employees.FirstName FROM Orders RIGHT JOIN Employees ON Orders.EmployeeID=Employees.EmployeeID ORDER BY Orders.OrderID; Try it yourself Note: The RIGHT JOIN keyword returns all the rows from the right table (Employees), even if there are no matches in the left table (Orders).
NEXT

SQL FULL OUTER JOIN Keyword

The FULL OUTER JOIN keyword returns all rows from the left table (table1) and from the right table (table2). The FULL OUTER JOIN keyword combines the result of both LEFT and RIGHT joins.

SQL FULL OUTER JOIN Syntax

SELECT column_name(s) FROM table1 FULL OUTER JOIN table2 ON table1.column_name=table2.column_name;

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table: CustomerID CustomerName ContactName Address Alfreds 1 Maria Anders Obere Str. 57 Futterkiste Avda. de la Ana Trujillo 2 Emparedados y Ana Trujillo Constitucin helados 2222 Antonio Moreno Antonio Mataderos 3 Moreno 2312 Taquera City Berlin PostalCode Country 12209 Germany Mexico Mexico

Mxico 05021 D.F. Mxico 05023 D.F.

And a selection from the "Orders" table: OrderID CustomerID 10308 2 10309 37 10310 77 EmployeeID 7 3 8 OrderDate 1996-09-18 1996-09-19 1996-09-20 ShipperID 3 1 2

SQL FULL OUTER JOIN Example

The following SQL statement selects all customers, and all orders: SELECT Customers.CustomerName, Orders.OrderID FROM Customers FULL OUTER JOIN Orders ON Customers.CustomerID=Orders.CustomerID ORDER BY Customers.CustomerName; A selection from the result set may look like this: CustomerName OrderID Alfreds Futterkiste Ana Trujillo Emparedados y helados 10308 10365 Antonio Moreno Taquera 10382 10351 Note: The FULL OUTER JOIN keyword returns all the rows from the left table (Customers), and all the rows from the right table (Orders). If there are rows in "Customers" that do not have matches in "Orders", or if there are rows in "Orders" that do not have matches in "Customers", those rows will be listed as well.

SQL UNION Operator

Previous Next Chapter

The SQL UNION operator combines the result of two or more SELECT statements.

The SQL UNION Operator

The UNION operator is used to combine the result-set of two or more SELECT statements. Notice that each SELECT statement within the UNION must have the same number of columns. The columns must also have similar data types. Also, the columns in each SELECT statement must be in the same order.

SQL UNION Syntax

SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2; Note: The UNION operator selects only distinct values by default. To allow duplicate values, use the ALL keyword with UNION.

SQL UNION ALL Syntax

SELECT column_name(s) FROM table1 UNION ALL SELECT column_name(s) FROM table2; PS: The column names in the result-set of a UNION are usually equal to the column names in the first SELECT statement in the UNION.

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table:

CustomerID CustomerName ContactName Address Alfreds 1 Maria Anders Obere Str. 57 Futterkiste Avda. de la Ana Trujillo 2 Emparedados y Ana Trujillo Constitucin helados 2222 Antonio Moreno Antonio Mataderos 3 Moreno 2312 Taquera And a selection from the "Suppliers" table: SupplierID 1 2 3

City Berlin

PostalCode Country 12209 Germany Mexico Mexico

Mxico 05021 D.F. Mxico 05023 D.F.

ContactName Address City Charlotte 49 Gilbert Exotic Liquid Londona Cooper St. New Orleans Cajun P.O. Box New Shelley Burke Delights 78934 Orleans Grandma Kelly's Regina 707 Oxford Ann Homestead Murphy Rd. Arbor

SupplierName

PostalCode Country EC1 4SD 70117 48104 UK USA USA

SQL UNION Example

The following SQL statement selects all the different cities (only distinct values) from the "Customers" and the "Suppliers" tables:

Example
SELECT City FROM Customers UNION SELECT City FROM Suppliers ORDER BY City; Try it yourself Note: UNION cannot be used to list ALL cities from the two tables. If several customers and suppliers share the same city, each city will only be listed once. UNION selects only distinct values. Use UNION ALL to also select duplicate values!

SQL UNION ALL Example

The following SQL statement uses UNION ALL to select all (duplicate values also) cities from the "Customers" and "Suppliers" tables:

Example
SELECT City FROM Customers UNION ALL SELECT City FROM Suppliers ORDER BY City; Try it yourself

SQL UNION ALL With WHERE

The following SQL statement uses UNION ALL to select all (duplicate values also) German cities from the "Customers" and "Suppliers" tables:

Example
SELECT City, Country FROM Customers WHERE Country='Germany' UNION ALL SELECT City, Country FROM Suppliers WHERE Country='Germany' ORDER BY City;

SQL SELECT INTO Statement

Previous Next Chapter

With SQL, you can copy information from one table into another. The SELECT INTO statement copies data from one table and inserts it into a new table.

The SQL SELECT INTO Statement

The SELECT INTO statement selects data from one table and inserts it into a new table.

SQL SELECT INTO Syntax

We can copy all columns into the new table: SELECT * INTO newtable [IN externaldb] FROM table1; Or we can copy only the columns we want into the new table: SELECT column_name(s) INTO newtable [IN externaldb] FROM table1; Tip: The new table will be created with the column-names and types as defined in the SELECT statement. You can apply new names using the AS clause.

SQL SELECT INTO Examples

Create a backup copy of Customers: SELECT * INTO CustomersBackup2013 FROM Customers; Use the IN clause to copy the table into another database:

SELECT * INTO CustomersBackup2013 IN 'Backup.mdb' FROM Customers; Copy only a few columns into the new table: SELECT CustomerName, ContactName INTO CustomersBackup2013 FROM Customers; Copy only the German customers into the new table: SELECT * INTO CustomersBackup2013 FROM Customers WHERE Country='Germany'; Copy data from more than one table into the new table: SELECT Customers.CustomerName, Orders.OrderID INTO CustomersOrderBackup2013 FROM Customers LEFT JOIN Orders ON Customers.CustomerID=Orders.CustomerID; Tip: The SELECT INTO statement can also be used to create a new, empty table using the schema of another. Just add a WHERE clause that causes the query to return no data: SELECT * INTO newtable FROM table1 WHERE 1=0;

SQL INSERT INTO SELECT Statement

Previous Next Chapter

With SQL, you can copy information from one table into another. The INSERT INTO SELECT statement copies data from one table and inserts it into an existing table.

The SQL INSERT INTO SELECT Statement

The INSERT INTO SELECT statement selects data from one table and inserts it into an existing table. Any existing rows in the target table are unaffected.

SQL INSERT INTO SELECT Syntax

We can copy all columns from one table to another, existing table: INSERT INTO table2 SELECT * FROM table1; Or we can copy only the columns we want to into another, existing table: INSERT INTO table2 (column_name(s)) SELECT column_name(s) FROM table1;

2 3

Alfreds Futterkiste Ana Trujillo Emparedados y helados Antonio Moreno Taquera

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Avda. de la Constitucin 2222 Mataderos 2312

Berlin

12209

Germany Mexico Mexico

Mxico 05021 D.F. Mxico 05023 D.F.

And a selection from the "Suppliers" table: SupplierID SupplierName 1 Exotic Liquid New Orleans Cajun Delights Grandma Kelly's Homestead Postal Country Phone Code (171) Charlotte 49 Gilbert EC1 Londona UK 555Cooper St. 4SD 2222 (100) P.O. Box New Shelley Burke 70117 USA 55578934 Orleans 4822 707 (313) Regina Ann Oxford 48104 USA 555Murphy Arbor Rd. 5735 ContactName Address City

SQL INSERT INTO SELECT Examples

Copy only a few columns from "Suppliers" into "Customers":

Example
INSERT INTO Customers (CustomerName, Country) SELECT SupplierName, Country FROM Suppliers; Try it yourself Copy only the German suppliers into "Customers":

Example
INSERT INTO Customers (CustomerName, Country) SELECT SupplierName, Country FROM Suppliers WHERE Country='Germany';

Try it yourself

SQL INSERT INTO SELECT Statement

Previous Next Chapter

With SQL, you can copy information from one table into another. The INSERT INTO SELECT statement copies data from one table and inserts it into an existing table.

The SQL INSERT INTO SELECT Statement

The INSERT INTO SELECT statement selects data from one table and inserts it into an existing table. Any existing rows in the target table are unaffected.

SQL INSERT INTO SELECT Syntax

Demo Database

In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table: CustomerID CustomerName ContactName Address Alfreds 1 Maria Anders Obere Str. 57 Futterkiste Avda. de la Ana Trujillo 2 Emparedados y Ana Trujillo Constitucin helados 2222 Antonio Moreno Antonio Mataderos 3 Moreno 2312 Taquera And a selection from the "Suppliers" table: SupplierID SupplierName 1 Exotic Liquid New Orleans Cajun Delights Grandma Kelly's Homestead Postal Country Phone Code (171) Charlotte 49 Gilbert EC1 Londona UK 555Cooper St. 4SD 2222 (100) P.O. Box New Shelley Burke 70117 USA 55578934 Orleans 4822 707 (313) Regina Ann Oxford 48104 USA 555Murphy Arbor Rd. 5735 ContactName Address City City Berlin PostalCode Country 12209 Germany Mexico Mexico

Mxico 05021 D.F. Mxico 05023 D.F.

SQL INSERT INTO SELECT Examples

Copy only a few columns from "Suppliers" into "Customers":

Example
INSERT INTO Customers (CustomerName, Country) SELECT SupplierName, Country FROM Suppliers; Try it yourself Copy only the German suppliers into "Customers":

Example

INSERT INTO Customers (CustomerName, Country) SELECT SupplierName, Country FROM Suppliers WHERE Country='Germany'; Try it yourself

SQL CREATE DATABASE Statement

Previous Next Chapter

The SQL CREATE DATABASE Statement

The CREATE DATABASE statement is used to create a database.

SQL CREATE DATABASE Syntax

CREATE DATABASE dbname;

SQL CREATE DATABASE Example

The following SQL statement creates a database called "my_db": CREATE DATABASE my_db; Database tables can be added with the CREATE TABLE statement.

The SQL CREATE TABLE Statement

The CREATE TABLE statement is used to create a table in a database. Tables are organized into rows and columns; and each table must have a name.

SQL CREATE TABLE Syntax

CREATE TABLE table_name ( column_name1 data_type(size), column_name2 data_type(size), column_name3 data_type(size), .... ); The column_name parameters specify the names of the columns of the table. The data_type parameter specifies what type of data the column can hold (e.g. varchar, integer, decimal, date, etc.). The size parameter specifies the maximum length of the column of the table. Tip: For an overview of the data types available in MS Access, MySQL, and SQL Server, go to our complete Data Types Reference.

SQL CREATE TABLE Example

Now we want to create a table called "Persons" that contains five columns: PersonID, LastName, FirstName, Address, and City. We use the following CREATE TABLE statement:

Example
CREATE TABLE Persons ( PersonID int, LastName varchar(255), FirstName varchar(255), Address varchar(255), City varchar(255) ); Try it yourself

The PersonID column is of type int and will hold an integer. The LastName, FirstName, Address, and City columns are of type varchar and will hold characters, and the maximum length for these fields is 255 characters. The empty "Persons" table will now look like this: PersonID LastName FirstName Address City

Tip: The empty table can be filled with data with the INSERT INTO statement.

SQL Constraints
SQL constraints are used to specify rules for the data in a table. If there is any violation between the constraint and the data action, the action is aborted by the constraint. Constraints can be specified when the table is created (inside the CREATE TABLE statement) or after the table is created (inside the ALTER TABLE statement).

SQL CREATE TABLE + CONSTRAINT Syntax

CREATE TABLE table_name ( column_name1 data_type(size) constraint_name, column_name2 data_type(size) constraint_name, column_name3 data_type(size) constraint_name, .... ); In SQL, we have the following constraints:

NOT NULL - Indicates that a column cannot store NULL value UNIQUE - Ensures that each row for a column must have a unique value

PRIMARY KEY - A combination of a NOT NULL and UNIQUE. Ensures that a column (or combination of two or more columns) have an unique identity which helps to find a particular record in a table more easily and quickly FOREIGN KEY - Ensure the referential integrity of the data in one table to match values in another table CHECK - Ensures that the value in a column meets a specific condition DEFAULT - Specifies a default value when specified none for this column

The next chapters will describe each constraint in detail. NEXT

SQL NOT NULL Constraint

The NOT NULL constraint enforces a column to NOT accept NULL values. The NOT NULL constraint enforces a field to always contain a value. This means that you cannot insert a new record, or update a record without adding a value to this field. The following SQL enforces the "P_Id" column and the "LastName" column to not accept NULL values:

Example
CREATE TABLE PersonsNotNull ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) )

SQL UNIQUE Constraint

The UNIQUE constraint uniquely identifies each record in a database table.

The UNIQUE and PRIMARY KEY constraints both provide a guarantee for uniqueness for a column or set of columns. A PRIMARY KEY constraint automatically has a UNIQUE constraint defined on it. Note that you can have many UNIQUE constraints per table, but only one PRIMARY KEY constraint per table.

SQL UNIQUE Constraint on CREATE TABLE

The following SQL creates a UNIQUE constraint on the "P_Id" column when the "Persons" table is created: SQL Server / Oracle / MS Access: CREATE TABLE PersonsUnique ( P_Id int NOT NULL UNIQUE, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) ) MySQL: CREATE TABLE PersonsUnique ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), UNIQUE (P_Id) ) To allow naming of a UNIQUE constraint, and for defining a UNIQUE constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: CREATE TABLE PersonsUniqueMulti ( P_Id int NOT NULL,

LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), CONSTRAINT uc_PersonID UNIQUE (P_Id,LastName) )

SQL UNIQUE Constraint on ALTER TABLE

To create a UNIQUE constraint on the "P_Id" column when the table is already created, use the following SQL: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD UNIQUE (P_Id) To allow naming of a UNIQUE constraint, and for defining a UNIQUE constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD CONSTRAINT uc_PersonID UNIQUE (P_Id,LastName)

To DROP a UNIQUE Constraint

To drop a UNIQUE constraint, use the following SQL: MySQL: ALTER TABLE Persons DROP INDEX uc_PersonID SQL Server / Oracle / MS Access: ALTER TABLE Persons DROP CONSTRAINT uc_PersonID

SQL PRIMARY KEY Constraint

The PRIMARY KEY constraint uniquely identifies each record in a database table. Primary keys must contain unique values. A primary key column cannot contain NULL values. Each table should have a primary key, and each table can have only ONE primary key.

SQL PRIMARY KEY Constraint on CREATE TABLE

The following SQL creates a PRIMARY KEY on the "P_Id" column when the "Persons" table is created: MySQL: CREATE TABLE Persons ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), PRIMARY KEY (P_Id) ) SQL Server / Oracle / MS Access: CREATE TABLE Persons ( P_Id int NOT NULL PRIMARY KEY, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) ) To allow naming of a PRIMARY KEY constraint, and for defining a PRIMARY KEY constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access:

CREATE TABLE Persons ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), CONSTRAINT pk_PersonID PRIMARY KEY (P_Id,LastName) ) Note: In the example above there is only ONE PRIMARY KEY (pk_PersonID). However, the value of the pk_PersonID is made up of two columns (P_Id and LastName).

SQL PRIMARY KEY Constraint on ALTER TABLE

To create a PRIMARY KEY constraint on the "P_Id" column when the table is already created, use the following SQL: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD PRIMARY KEY (P_Id) To allow naming of a PRIMARY KEY constraint, and for defining a PRIMARY KEY constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD CONSTRAINT pk_PersonID PRIMARY KEY (P_Id,LastName) Note: If you use the ALTER TABLE statement to add a primary key, the primary key column(s) must already have been declared to not contain NULL values (when the table was first created).

To DROP a PRIMARY KEY Constraint

To drop a PRIMARY KEY constraint, use the following SQL: MySQL:

ALTER TABLE Persons DROP PRIMARY KEY SQL Server / Oracle / MS Access: ALTER TABLE Persons DROP CONSTRAINT pk_PersonID

SQL FOREIGN KEY Constraint

A FOREIGN KEY in one table points to a PRIMARY KEY in another table. Let's illustrate the foreign key with an example. Look at the following two tables: The "Persons" table: P_Id LastName FirstName Address City 1 Hansen Ola Timoteivn 10 Sandnes 2 Svendson Tove Borgvn 23 Sandnes 3 Pettersen Kari Storgt 20 Stavanger The "Orders" table: O_Id 1 2 3 4 OrderNo 77895 3 44678 3 22456 2 24562 1 P_Id

Note that the "P_Id" column in the "Orders" table points to the "P_Id" column in the "Persons" table. The "P_Id" column in the "Persons" table is the PRIMARY KEY in the "Persons" table. The "P_Id" column in the "Orders" table is a FOREIGN KEY in the "Orders" table. The FOREIGN KEY constraint is used to prevent actions that would destroy links between tables.

The FOREIGN KEY constraint also prevents invalid data from being inserted into the foreign key column, because it has to be one of the values contained in the table it points to.

SQL FOREIGN KEY Constraint on CREATE TABLE

The following SQL creates a FOREIGN KEY on the "P_Id" column when the "Orders" table is created: MySQL: CREATE TABLE Orders ( O_Id int NOT NULL, OrderNo int NOT NULL, P_Id int, PRIMARY KEY (O_Id), FOREIGN KEY (P_Id) REFERENCES Persons(P_Id) ) SQL Server / Oracle / MS Access: CREATE TABLE Orders ( O_Id int NOT NULL PRIMARY KEY, OrderNo int NOT NULL, P_Id int FOREIGN KEY REFERENCES Persons(P_Id) ) To allow naming of a FOREIGN KEY constraint, and for defining a FOREIGN KEY constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: CREATE TABLE Orders ( O_Id int NOT NULL, OrderNo int NOT NULL, P_Id int, PRIMARY KEY (O_Id), CONSTRAINT fk_PerOrders FOREIGN KEY (P_Id) REFERENCES Persons(P_Id) )

SQL FOREIGN KEY Constraint on ALTER TABLE

To create a FOREIGN KEY constraint on the "P_Id" column when the "Orders" table is already created, use the following SQL: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Orders ADD FOREIGN KEY (P_Id) REFERENCES Persons(P_Id) To allow naming of a FOREIGN KEY constraint, and for defining a FOREIGN KEY constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Orders ADD CONSTRAINT fk_PerOrders FOREIGN KEY (P_Id) REFERENCES Persons(P_Id)

To DROP a FOREIGN KEY Constraint

To drop a FOREIGN KEY constraint, use the following SQL: MySQL: ALTER TABLE Orders DROP FOREIGN KEY fk_PerOrders SQL Server / Oracle / MS Access: ALTER TABLE Orders DROP CONSTRAINT fk_PerOrders

SQL CHECK Constraint

The CHECK constraint is used to limit the value range that can be placed in a column. If you define a CHECK constraint on a single column it allows only certain values for this column. If you define a CHECK constraint on a table it can limit the values in certain columns based on values in other columns in the row.

SQL CHECK Constraint on CREATE TABLE

The following SQL creates a CHECK constraint on the "P_Id" column when the "Persons" table is created. The CHECK constraint specifies that the column "P_Id" must only include integers greater than 0. MySQL: CREATE TABLE Persons ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), CHECK (P_Id>0) ) SQL Server / Oracle / MS Access: CREATE TABLE Persons ( P_Id int NOT NULL CHECK (P_Id>0), LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) ) To allow naming of a CHECK constraint, and for defining a CHECK constraint on multiple columns, use the following SQL syntax:

MySQL / SQL Server / Oracle / MS Access: CREATE TABLE Persons ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), CONSTRAINT chk_Person CHECK (P_Id>0 AND City='Sandnes') )

SQL CHECK Constraint on ALTER TABLE

To create a CHECK constraint on the "P_Id" column when the table is already created, use the following SQL: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD CHECK (P_Id>0) To allow naming of a CHECK constraint, and for defining a CHECK constraint on multiple columns, use the following SQL syntax: MySQL / SQL Server / Oracle / MS Access: ALTER TABLE Persons ADD CONSTRAINT chk_Person CHECK (P_Id>0 AND City='Sandnes')

To DROP a CHECK Constraint

To drop a CHECK constraint, use the following SQL: SQL Server / Oracle / MS Access: ALTER TABLE Persons DROP CONSTRAINT chk_Person MySQL:

ALTER TABLE Persons DROP CHECK chk_Person

SQL DEFAULT Constraint

The DEFAULT constraint is used to insert a default value into a column. The default value will be added to all new records, if no other value is specified.

SQL DEFAULT Constraint on CREATE TABLE

The following SQL creates a DEFAULT constraint on the "City" column when the "Persons" table is created: My SQL / SQL Server / Oracle / MS Access: CREATE TABLE Persons ( P_Id int NOT NULL, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) DEFAULT 'Sandnes' ) The DEFAULT constraint can also be used to insert system values, by using functions like GETDATE(): CREATE TABLE Orders ( O_Id int NOT NULL, OrderNo int NOT NULL, P_Id int, OrderDate date DEFAULT GETDATE() )

SQL DEFAULT Constraint on ALTER TABLE

To create a DEFAULT constraint on the "City" column when the table is already created, use the following SQL: MySQL: ALTER TABLE Persons ALTER City SET DEFAULT 'SANDNES' SQL Server / MS Access: ALTER TABLE Persons ALTER COLUMN City SET DEFAULT 'SANDNES' Oracle: ALTER TABLE Persons MODIFY City DEFAULT 'SANDNES'

To DROP a DEFAULT Constraint

To drop a DEFAULT constraint, use the following SQL: MySQL: ALTER TABLE Persons ALTER City DROP DEFAULT SQL Server / Oracle / MS Access: ALTER TABLE Persons ALTER COLUMN City DROP DEFAULT

The CREATE INDEX statement is used to create indexes in tables.

Indexes allow the database application to find data fast; without reading the whole table.

Indexes
An index can be created in a table to find data more quickly and efficiently. The users cannot see the indexes, they are just used to speed up searches/queries. Note: Updating a table with indexes takes more time than updating a table without (because the indexes also need an update). So you should only create indexes on columns (and tables) that will be frequently searched against.

SQL CREATE INDEX Syntax

Creates an index on a table. Duplicate values are allowed: CREATE INDEX index_name ON table_name (column_name)

SQL CREATE UNIQUE INDEX Syntax

Creates a unique index on a table. Duplicate values are not allowed: CREATE UNIQUE INDEX index_name ON table_name (column_name) Note: The syntax for creating indexes varies amongst different databases. Therefore: Check the syntax for creating indexes in your database.

CREATE INDEX Example

The SQL statement below creates an index named "PIndex" on the "LastName" column in the "Persons" table: CREATE INDEX PIndex ON Persons (LastName) If you want to create an index on a combination of columns, you can list the column names within the parentheses, separated by commas:

CREATE INDEX PIndex ON Persons (LastName, FirstName)

The DROP INDEX Statement

The DROP INDEX statement is used to delete an index in a table.

DROP INDEX Syntax for MS Access:

DROP INDEX index_name ON table_name

DROP INDEX Syntax for MS SQL Server:

DROP INDEX table_name.index_name

DROP INDEX Syntax for DB2/Oracle:

DROP INDEX index_name

DROP INDEX Syntax for MySQL:

ALTER TABLE table_name DROP INDEX index_name

The DROP TABLE Statement

The DROP TABLE statement is used to delete a table. DROP TABLE table_name

The DROP DATABASE Statement

The DROP DATABASE statement is used to delete a database.

DROP DATABASE database_name

The TRUNCATE TABLE Statement

What if we only want to delete the data inside the table, and not the table itself? Then, use the TRUNCATE TABLE statement: TRUNCATE TABLE table_name

The ALTER TABLE Statement

The ALTER TABLE statement is used to add, delete, or modify columns in an existing table.

SQL ALTER TABLE Syntax

To add a column in a table, use the following syntax: ALTER TABLE table_name ADD column_name datatype To delete a column in a table, use the following syntax (notice that some database systems don't allow deleting a column): ALTER TABLE table_name DROP COLUMN column_name To change the data type of a column in a table, use the following syntax: SQL Server / MS Access: ALTER TABLE table_name ALTER COLUMN column_name datatype My SQL / Oracle:

ALTER TABLE table_name MODIFY COLUMN column_name datatype

SQL ALTER TABLE Example

Look at the "Persons" table: P_Id LastName FirstName Address City 1 Hansen Ola Timoteivn 10 Sandnes 2 Svendson Tove Borgvn 23 Sandnes 3 Pettersen Kari Storgt 20 Stavanger Now we want to add a column named "DateOfBirth" in the "Persons" table. We use the following SQL statement: ALTER TABLE Persons ADD DateOfBirth date Notice that the new column, "DateOfBirth", is of type date and is going to hold a date. The data type specifies what type of data the column can hold. For a complete reference of all the data types available in MS Access, MySQL, and SQL Server, go to our complete Data Types reference. The "Persons" table will now like this: P_Id LastName FirstName Address City DateOfBirth 1 Hansen Ola Timoteivn 10 Sandnes 2 Svendson Tove Borgvn 23 Sandnes 3 Pettersen Kari Storgt 20 Stavanger

Change Data Type Example

Now we want to change the data type of the column named "DateOfBirth" in the "Persons" table. We use the following SQL statement: ALTER TABLE Persons ALTER COLUMN DateOfBirth year

Notice that the "DateOfBirth" column is now of type year and is going to hold a year in a twodigit or four-digit format.

DROP COLUMN Example

Next, we want to delete the column named "DateOfBirth" in the "Persons" table. We use the following SQL statement: ALTER TABLE Persons DROP COLUMN DateOfBirth The "Persons" table will now like this: P_Id LastName FirstName Address City 1 Hansen Ola Timoteivn 10 Sandnes 2 Svendson Tove Borgvn 23 Sandnes 3 Pettersen Kari Storgt 20 Stavanger

Auto-increment allows a unique number to be generated when a new record is inserted into a table.

AUTO INCREMENT a Field

Very often we would like the value of the primary key field to be created automatically every time a new record is inserted. We would like to create an auto-increment field in a table.

Syntax for MySQL

The following SQL statement defines the "ID" column to be an auto-increment primary key field in the "Persons" table: CREATE TABLE Persons ( ID int NOT NULL AUTO_INCREMENT, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255), PRIMARY KEY (ID) ) MySQL uses the AUTO_INCREMENT keyword to perform an auto-increment feature. By default, the starting value for AUTO_INCREMENT is 1, and it will increment by 1 for each new record. To let the AUTO_INCREMENT sequence start with another value, use the following SQL statement: ALTER TABLE Persons AUTO_INCREMENT=100 To insert a new record into the "Persons" table, we will NOT have to specify a value for the "ID" column (a unique value will be added automatically): INSERT INTO Persons (FirstName,LastName) VALUES ('Lars','Monsen') The SQL statement above would insert a new record into the "Persons" table. The "ID" column would be assigned a unique value. The "FirstName" column would be set to "Lars" and the "LastName" column would be set to "Monsen".

Syntax for SQL Server

The following SQL statement defines the "ID" column to be an auto-increment primary key field in the "Persons" table: CREATE TABLE Persons ( ID int IDENTITY(1,1) PRIMARY KEY, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255),

City varchar(255) ) The MS SQL Server uses the IDENTITY keyword to perform an auto-increment feature. In the example above, the starting value for IDENTITY is 1, and it will increment by 1 for each new record. Tip: To specify that the "ID" column should start at value 10 and increment by 5, change it to IDENTITY(10,5). To insert a new record into the "Persons" table, we will NOT have to specify a value for the "ID" column (a unique value will be added automatically): INSERT INTO Persons (FirstName,LastName) VALUES ('Lars','Monsen') The SQL statement above would insert a new record into the "Persons" table. The "ID" column would be assigned a unique value. The "FirstName" column would be set to "Lars" and the "LastName" column would be set to "Monsen".

Syntax for Access

The following SQL statement defines the "ID" column to be an auto-increment primary key field in the "Persons" table: CREATE TABLE Persons ( ID Integer PRIMARY KEY AUTOINCREMENT, LastName varchar(255) NOT NULL, FirstName varchar(255), Address varchar(255), City varchar(255) ) The MS Access uses the AUTOINCREMENT keyword to perform an auto-increment feature. By default, the starting value for AUTOINCREMENT is 1, and it will increment by 1 for each new record. Tip: To specify that the "ID" column should start at value 10 and increment by 5, change the autoincrement to AUTOINCREMENT(10,5).

To insert a new record into the "Persons" table, we will NOT have to specify a value for the "ID" column (a unique value will be added automatically): INSERT INTO Persons (FirstName,LastName) VALUES ('Lars','Monsen') The SQL statement above would insert a new record into the "Persons" table. The "P_Id" column would be assigned a unique value. The "FirstName" column would be set to "Lars" and the "LastName" column would be set to "Monsen".

Syntax for Oracle

In Oracle the code is a little bit more tricky. You will have to create an auto-increment field with the sequence object (this object generates a number sequence). Use the following CREATE SEQUENCE syntax: CREATE SEQUENCE seq_person MINVALUE 1 START WITH 1 INCREMENT BY 1 CACHE 10 The code above creates a sequence object called seq_person, that starts with 1 and will increment by 1. It will also cache up to 10 values for performance. The cache option specifies how many sequence values will be stored in memory for faster access. To insert a new record into the "Persons" table, we will have to use the nextval function (this function retrieves the next value from seq_person sequence): INSERT INTO Persons (ID,FirstName,LastName) VALUES (seq_person.nextval,'Lars','Monsen') The SQL statement above would insert a new record into the "Persons" table. The "ID" column would be assigned the next number from the seq_person sequence. The "FirstName" column would be set to "Lars" and the "LastName" column would be set to "Monsen".

SQL CREATE VIEW Statement

In SQL, a view is a virtual table based on the result-set of an SQL statement. A view contains rows and columns, just like a real table. The fields in a view are fields from one or more real tables in the database. You can add SQL functions, WHERE, and JOIN statements to a view and present the data as if the data were coming from one single table.

SQL CREATE VIEW Syntax

CREATE VIEW view_name AS SELECT column_name(s) FROM table_name WHERE condition Note: A view always shows up-to-date data! The database engine recreates the data, using the view's SQL statement, every time a user queries a view.

SQL CREATE VIEW Examples

If you have the Northwind database you can see that it has several views installed by default. The view "Current Product List" lists all active products (products that are not discontinued) from the "Products" table. The view is created with the following SQL: CREATE VIEW [Current Product List] AS SELECT ProductID,ProductName FROM Products WHERE Discontinued=No We can query the view above as follows: SELECT * FROM [Current Product List]

Another view in the Northwind sample database selects every product in the "Products" table with a unit price higher than the average unit price: CREATE VIEW [Products Above Average Price] AS SELECT ProductName,UnitPrice FROM Products WHERE UnitPrice>(SELECT AVG(UnitPrice) FROM Products) We can query the view above as follows: SELECT * FROM [Products Above Average Price] Another view in the Northwind database calculates the total sale for each category in 1997. Note that this view selects its data from another view called "Product Sales for 1997": CREATE VIEW [Category Sales For 1997] AS SELECT DISTINCT CategoryName,Sum(ProductSales) AS CategorySales FROM [Product Sales for 1997] GROUP BY CategoryName We can query the view above as follows: SELECT * FROM [Category Sales For 1997] We can also add a condition to the query. Now we want to see the total sale only for the category "Beverages": SELECT * FROM [Category Sales For 1997] WHERE CategoryName='Beverages'

SQL Updating a View

You can update a view by using the following syntax:

SQL CREATE OR REPLACE VIEW Syntax

CREATE OR REPLACE VIEW view_name AS SELECT column_name(s) FROM table_name WHERE condition Now we want to add the "Category" column to the "Current Product List" view. We will update the view with the following SQL:

CREATE VIEW [Current Product List] AS SELECT ProductID,ProductName,Category FROM Products WHERE Discontinued=No

SQL Dropping a View

You can delete a view with the DROP VIEW command.

SQL DROP VIEW Syntax

DROP VIEW view_name

SQL Dates
The most difficult part when working with dates is to be sure that the format of the date you are trying to insert, matches the format of the date column in the database. As long as your data contains only the date portion, your queries will work as expected. However, if a time portion is involved, it gets complicated. Before talking about the complications of querying for dates, we will look at the most important built-in functions for working with dates.

MySQL Date Functions

The following table lists the most important built-in date functions in MySQL: Function NOW() CURDATE() CURTIME() DATE() Description Returns the current date and time Returns the current date Returns the current time Extracts the date part of a date or date/time expression

EXTRACT() Returns a single part of a date/time DATE_ADD() Adds a specified time interval to a date DATE_SUB() Subtracts a specified time interval from a date DATEDIFF() Returns the number of days between two dates DATE_FORMAT() Displays date/time data in different formats

SQL Server Date Functions

The following table lists the most important built-in date functions in SQL Server: Function GETDATE() DATEPART() DATEADD() DATEDIFF() CONVERT() Description Returns the current date and time Returns a single part of a date/time Adds or subtracts a specified time interval from a date Returns the time between two dates Displays date/time data in different formats

SQL Date Data Types

MySQL comes with the following data types for storing a date or a date/time value in the database:

DATE - format YYYY-MM-DD DATETIME - format: YYYY-MM-DD HH:MM:SS TIMESTAMP - format: YYYY-MM-DD HH:MM:SS YEAR - format YYYY or YY

SQL Server comes with the following data types for storing a date or a date/time value in the database:

DATE - format YYYY-MM-DD DATETIME - format: YYYY-MM-DD HH:MM:SS SMALLDATETIME - format: YYYY-MM-DD HH:MM:SS TIMESTAMP - format: a unique number

Note: The date types are chosen for a column when you create a new table in your database! For an overview of all data types available, go to our complete Data Types reference.

SQL Working with Dates

You can compare two dates easily if there is no time component involved! Assume we have the following "Orders" table: OrderId 1 2 3 4 ProductName OrderDate Geitost 2008-11-11 Camembert Pierrot 2008-11-09 Mozzarella di Giovanni 2008-11-11 Mascarpone Fabioli 2008-10-29

Now we want to select the records with an OrderDate of "2008-11-11" from the table above. We use the following SELECT statement: SELECT * FROM Orders WHERE OrderDate='2008-11-11' The result-set will look like this: OrderId ProductName OrderDate 1 Geitost 2008-11-11 3 Mozzarella di Giovanni 2008-11-11 Now, assume that the "Orders" table looks like this (notice the time component in the "OrderDate" column): OrderId 1 2 3 4 ProductName Geitost Camembert Pierrot Mozzarella di Giovanni Mascarpone Fabioli OrderDate 2008-11-11 13:23:44 2008-11-09 15:45:21 2008-11-11 11:12:01 2008-10-29 14:56:59

If we use the same SELECT statement as above: SELECT * FROM Orders WHERE OrderDate='2008-11-11' we will get no result! This is because the query is looking only for dates with no time portion.

Tip: If you want to keep your queries simple and easy to maintain, do not allow time components in your dates! NEXT

NULL values represent missing unknown data. By default, a table column can hold NULL values. This chapter will explain the IS NULL and IS NOT NULL operators.

SQL NULL Values

If a column in a table is optional, we can insert a new record or update an existing record without adding a value to this column. This means that the field will be saved with a NULL value. NULL values are treated differently from other values. NULL is used as a placeholder for unknown or inapplicable values. Note: It is not possible to compare NULL and 0; they are not equivalent.

SQL Working with NULL Values

Look at the following "Persons" table: P_Id LastName FirstName Address City 1 Hansen Ola Sandnes 2 Svendson Tove Borgvn 23 Sandnes 3 Pettersen Kari Stavanger Suppose that the "Address" column in the "Persons" table is optional. This means that if we insert a record with no value for the "Address" column, the "Address" column will be saved with a NULL value.

How can we test for NULL values? It is not possible to test for NULL values with comparison operators, such as =, <, or <>. We will have to use the IS NULL and IS NOT NULL operators instead.

SQL IS NULL
How do we select only the records with NULL values in the "Address" column? We will have to use the IS NULL operator: SELECT LastName,FirstName,Address FROM Persons WHERE Address IS NULL The result-set will look like this: LastName FirstName Address Hansen Ola Pettersen Kari Tip: Always use IS NULL to look for NULL values.

SQL IS NOT NULL

How do we select only the records with no NULL values in the "Address" column? We will have to use the IS NOT NULL operator: SELECT LastName,FirstName,Address FROM Persons WHERE Address IS NOT NULL The result-set will look like this: LastName FirstName Address Svendson Tove Borgvn 23 In the next chapter we will look at the ISNULL(), NVL(), IFNULL() and COALESCE() functions.

NULL values represent missing unknown data. By default, a table column can hold NULL values. This chapter will explain the IS NULL and IS NOT NULL operators.

SQL NULL Values

SQL Working with NULL Values

We will have to use the IS NULL and IS NOT NULL operators instead.

SQL IS NOT NULL

SQL General Data Types

Each column in a database table is required to have a name and a data type. SQL developers have to decide what types of data will be stored inside each and every table column when creating a SQL table. The data type is a label and a guideline for SQL to understand what type of data is expected inside of each column, and it also identifies how SQL will interact with the stored data. The following table lists the general data types in SQL: Data type CHARACTER(n) VARCHAR(n) or CHARACTER VARYING(n) BINARY(n) BOOLEAN VARBINARY(n) or BINARY VARYING(n) INTEGER(p) SMALLINT INTEGER BIGINT Description Character string. Fixed-length n Character string. Variable length. Maximum length n Binary string. Fixed-length n Stores TRUE or FALSE values Binary string. Variable length. Maximum length n

Integer numerical (no decimal). Precision p Integer numerical (no decimal). Precision 5 Integer numerical (no decimal). Precision 10 Integer numerical (no decimal). Precision 19 Exact numerical, precision p, scale s. Example: decimal(5,2) is a DECIMAL(p,s) number that has 3 digits before the decimal and 2 digits after the decimal NUMERIC(p,s) Exact numerical, precision p, scale s. (Same as DECIMAL) Approximate numerical, mantissa precision p. A floating number in FLOAT(p) base 10 exponential notation. The size argument for this type consists of a single number specifying the minimum precision REAL Approximate numerical, mantissa precision 7 FLOAT Approximate numerical, mantissa precision 16 DOUBLE PRECISION Approximate numerical, mantissa precision 16 DATE Stores year, month, and day values TIME Stores hour, minute, and second values TIMESTAMP Stores year, month, day, hour, minute, and second values Composed of a number of integer fields, representing a period of time, INTERVAL depending on the type of interval ARRAY A set-length and ordered collection of elements

MULTISET XML

A variable-length and unordered collection of elements Stores XML data

SQL Data Type Quick Reference

However, different databases offer different choices for the data type definition. The following table shows some of the common names of data types between the various database platforms: Data type boolean integer float currency string (fixed) string (variable) binary object Access Yes/No Number (integer) Number (single) Currency N/A Text (<256) Memo (65k+) OLE Object Memo SQLServer Bit Int Float Real Money Char Varchar Oracle Byte Number Number N/A Char Varchar Varchar2 MySQL N/A Int Integer Float N/A Char Varchar Blob Text PostgreSQL Boolean Int Integer Numeric Money Char Varchar Binary Varbinary

Binary (fixed up to 8K) Long Varbinary (<8K) Raw Image (<2GB)

Note: Data types might have different names in different database. And even if the name is the same, the size and other details may be different! Always check the documentation!

SQL Data Types for Various DBs

Next Chapter

Data types and ranges for Microsoft Access, MySQL and SQL Server.

Microsoft Access Data Types

Data type Text Memo Byte Integer Long Single Double Currency AutoNumber Date/Time Yes/No Ole Object Hyperlink Lookup Wizard Description Use for text or combinations of text and numbers. 255 characters maximum Memo is used for larger amounts of text. Stores up to 65,536 characters. Note: You cannot sort a memo field. However, they are searchable Allows whole numbers from 0 to 255 Allows whole numbers between -32,768 and 32,767 Allows whole numbers between -2,147,483,648 and 2,147,483,647 Single precision floating-point. Will handle most decimals Double precision floating-point. Will handle most decimals Use for currency. Holds up to 15 digits of whole dollars, plus 4 decimal places. Tip: You can choose which country's currency to use AutoNumber fields automatically give each record its own number, usually starting at 1 Use for dates and times A logical field can be displayed as Yes/No, True/False, or On/Off. In code, use the constants True and False (equivalent to -1 and 0). Note: Null values are not allowed in Yes/No fields Can store pictures, audio, video, or other BLOBs (Binary Large OBjects) Contain links to other files, including web pages Let you type a list of options, which can then be chosen from a drop-down list Storage

1 byte 2 bytes 4 bytes 4 bytes 8 bytes 8 bytes 4 bytes 8 bytes 1 bit up to 1GB 4 bytes

MySQL Data Types

In MySQL there are three main types : text, number, and Date/Time types. Text types:

Description Holds a fixed length string (can contain letters, numbers, and special CHAR(size) characters). The fixed size is specified in parenthesis. Can store up to 255 characters Holds a variable length string (can contain letters, numbers, and special characters). The maximum size is specified in parenthesis. Can store up to VARCHAR(size) 255 characters. Note: If you put a greater value than 255 it will be converted to a TEXT type TINYTEXT Holds a string with a maximum length of 255 characters TEXT Holds a string with a maximum length of 65,535 characters BLOB For BLOBs (Binary Large OBjects). Holds up to 65,535 bytes of data MEDIUMTEXT Holds a string with a maximum length of 16,777,215 characters MEDIUMBLOB For BLOBs (Binary Large OBjects). Holds up to 16,777,215 bytes of data LONGTEXT Holds a string with a maximum length of 4,294,967,295 characters LONGBLOB For BLOBs (Binary Large OBjects). Holds up to 4,294,967,295 bytes of data Let you enter a list of possible values. You can list up to 65535 values in an ENUM list. If a value is inserted that is not in the list, a blank value will be inserted. ENUM(x,y,z,etc.) Note: The values are sorted in the order you enter them. You enter the possible values in this format: ENUM('X','Y','Z') Similar to ENUM except that SET may contain up to 64 list items and can store more than one choice

Data type

SET Number types:

Description -128 to 127 normal. 0 to 255 UNSIGNED*. The maximum number of digits TINYINT(size) may be specified in parenthesis -32768 to 32767 normal. 0 to 65535 UNSIGNED*. The maximum number SMALLINT(size) of digits may be specified in parenthesis -8388608 to 8388607 normal. 0 to 16777215 UNSIGNED*. The maximum MEDIUMINT(size) number of digits may be specified in parenthesis -2147483648 to 2147483647 normal. 0 to 4294967295 UNSIGNED*. The INT(size) maximum number of digits may be specified in parenthesis -9223372036854775808 to 9223372036854775807 normal. 0 to BIGINT(size) 18446744073709551615 UNSIGNED*. The maximum number of digits may be specified in parenthesis A small number with a floating decimal point. The maximum number of FLOAT(size,d) digits may be specified in the size parameter. The maximum number of digits to the right of the decimal point is specified in the d parameter

Data type

A large number with a floating decimal point. The maximum number of digits may be specified in the size parameter. The maximum number of digits to the right of the decimal point is specified in the d parameter A DOUBLE stored as a string , allowing for a fixed decimal point. The maximum number of digits may be specified in the size parameter. The DECIMAL(size,d) maximum number of digits to the right of the decimal point is specified in the d parameter DOUBLE(size,d) *The integer types have an extra option called UNSIGNED. Normally, the integer goes from an negative to positive value. Adding the UNSIGNED attribute will move that range up so it starts at zero instead of a negative number. Date types: Data type DATE() Note: The supported range is from '1000-01-01' to '9999-12-31' *A date and time combination. Format: YYYY-MM-DD HH:MM:SS DATETIME() Note: The supported range is from '1000-01-01 00:00:00' to '9999-12-31 23:59:59' *A timestamp. TIMESTAMP values are stored as the number of seconds since the Unix epoch ('1970-01-01 00:00:00' UTC). Format: YYYY-MMDD HH:MM:SS Note: The supported range is from '1970-01-01 00:00:01' UTC to '2038-0109 03:14:07' UTC A time. Format: HH:MM:SS TIME() Note: The supported range is from '-838:59:59' to '838:59:59' A year in two-digit or four-digit format. YEAR() Note: Values allowed in four-digit format: 1901 to 2155. Values allowed in two-digit format: 70 to 69, representing years from 1970 to 2069 Description A date. Format: YYYY-MM-DD

TIMESTAMP()

*Even if DATETIME and TIMESTAMP return the same format, they work very differently. In an INSERT or UPDATE query, the TIMESTAMP automatically set itself to the current date and time. TIMESTAMP also accepts various formats, like YYYYMMDDHHMMSS, YYMMDDHHMMSS, YYYYMMDD, or YYMMDD.

SQL Server Data Types

String types: Data type char(n) varchar(n) varchar(max) text nchar nvarchar nvarchar(max) ntext bit binary(n) varbinary varbinary(max) image Number types: Data type tinyint smallint int bigint Description Allows whole numbers from 0 to 255 Allows whole numbers between -32,768 and 32,767 Allows whole numbers between -2,147,483,648 and 2,147,483,647 Allows whole numbers between -9,223,372,036,854,775,808 and 9,223,372,036,854,775,807 Fixed precision and scale numbers. Allows numbers from -10^38 +1 to 10^38 1. The p parameter indicates the maximum total number of digits that 5-17 can be stored (both to the left and to the right of the decimal point). bytes p must be a value from 1 to 38. Default is 18. The s parameter indicates the maximum number of digits stored to the right of the decimal point. s must be a value from 0 to p. Default value is 0 Storage 1 byte 2 bytes 4 bytes 8 bytes Description Fixed width character string. Maximum 8,000 characters Variable width character string. Maximum 8,000 characters Variable width character string. Maximum 1,073,741,824 characters Variable width character string. Maximum 2GB of text data Fixed width Unicode string. Maximum 4,000 characters Variable width Unicode string. Maximum 4,000 characters Variable width Unicode string. Maximum 536,870,912 characters Variable width Unicode string. Maximum 2GB of text data Allows 0, 1, or NULL Fixed width binary string. Maximum 8,000 bytes Variable width binary string. Maximum 8,000 bytes Variable width binary string. Maximum 2GB Variable width binary string. Maximum 2GB Storage Defined width 2 bytes + number of chars 2 bytes + number of chars 4 bytes + number of chars Defined width x 2

decimal(p,s)

Fixed precision and scale numbers. Allows numbers from -10^38 +1 to 10^38 1. The p parameter indicates the maximum total number of digits that 5-17 can be stored (both to the left and to the right of the decimal point). bytes p must be a value from 1 to 38. Default is 18. The s parameter indicates the maximum number of digits stored to the right of the decimal point. s must be a value from 0 to p. Default value is 0 Monetary data from -214,748.3648 to 214,748.3647 4 bytes Monetary data from -922,337,203,685,477.5808 to 8 bytes 922,337,203,685,477.5807 Floating precision number data from -1.79E + 308 to 1.79E + 308. The n parameter indicates whether the field should hold 4 or 8 bytes. float(24) holds a 4-byte field and float(53) holds an 8-byte field. Default value of n is 53. Floating precision number data from -3.40E + 38 to 3.40E + 38 4 or 8 bytes 4 bytes

numeric(p,s)

smallmoney money

float(n)

real Date types: Data type datetime datetime2 smalldatetime date time datetimeoffset

Description From January 1, 1753 to December 31, 9999 with an accuracy of 3.33 milliseconds From January 1, 0001 to December 31, 9999 with an accuracy of 100 nanoseconds From January 1, 1900 to June 6, 2079 with an accuracy of 1 minute Store a date only. From January 1, 0001 to December 31, 9999 Store a time only to an accuracy of 100 nanoseconds The same as datetime2 with the addition of a time zone offset Stores a unique number that gets updated every time a row gets created or modified. The timestamp value is based upon an internal clock and does not correspond to real time. Each table may have only one timestamp variable

Storage 8 bytes 6-8 bytes 4 bytes 3 bytes 3-5 bytes 8-10 bytes

timestamp

Other data types: Data type sql_variant Description Stores up to 8,000 bytes of data of various data types, except text, ntext, and timestamp

uniqueidentifier xml cursor table

Stores a globally unique identifier (GUID) Stores XML formatted data. Maximum 2GB Stores a reference to a cursor used for database operations Stores a result-set for later processing

SQL GROUP BY Statement

Previous Next Chapter

Aggregate functions often need an added GROUP BY statement.

The GROUP BY Statement

The GROUP BY statement is used in conjunction with the aggregate functions to group the result-set by one or more columns.

SQL GROUP BY Syntax

SELECT column_name, aggregate_function(column_name) FROM table_name WHERE column_name operator value GROUP BY column_name;

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Orders" table: OrderID CustomerID EmployeeID OrderDate ShipperID

10248 10249 10250

90 81 34

5 6 4

1996-07-04 3 1996-07-05 1 1996-07-08 2

And a selection from the "Shippers" table: ShipperID ShipperName Phone 1 Speedy Express (503) 555-9831 2 United Package (503) 555-3199 3 Federal Shipping (503) 555-9931 And a selection from the "Employees" table: EmployeeID LastName FirstName BirthDate Photo Notes 1 Davolio Nancy 1968-12-08 EmpID1.pic Education includes a BA.... 2 Fuller Andrew 1952-02-19 EmpID2.pic Andrew received his BTS.... 3 Leverling Janet 1963-08-30 EmpID3.pic Janet has a BS degree....

SQL GROUP BY Example

Now we want to find the number of orders sent by each shipper. The following SQL statement counts as orders grouped by shippers:

Example
SELECT Shippers.ShipperName,COUNT(Orders.OrderID) AS NumberOfOrders FROM Orders LEFT JOIN Shippers ON Orders.ShipperID=Shippers.ShipperID GROUP BY ShipperName; Try it yourself

GROUP BY More Than One Column

We can also use the GROUP BY statement on more than one column, like this:

Example

SELECT Shippers.ShipperName, Employees.LastName, COUNT(Orders.OrderID) AS NumberOfOrders FROM ((Orders INNER JOIN Shippers ON Orders.ShipperID=Shippers.ShipperID) INNER JOIN Employees ON Orders.EmployeeID=Employees.EmployeeID) GROUP BY ShipperName,LastName; Try it yourself Previous Next Chapter NEXT

SQL NOW() Function

Previous Next Chapter

The NOW() Function

The NOW() function returns the current system date and time.

SQL NOW() Syntax

SELECT NOW() FROM table_name;

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Products" table: ProductID ProductName 1 Chais SupplierID CategoryID Unit Price 1 1 10 boxes x 20 bags 18

2 3 4 5

Chang 1 Aniseed Syrup 1 Chef Anton's Cajun Seasoning 2 Chef Anton's Gumbo Mix 2

1 2 2 2

24 - 12 oz bottles 12 - 550 ml bottles 48 - 6 oz jars 36 boxes

19 10 21.35 25

SQL NOW() Example

The following SQL statement selects the product name, and price for today from the "Products" table:

Example
SELECT ProductName, Price, Now() AS PerDate FROM Products; Try it yourself

SQL FORMAT() Function

Previous Next Chapter

The FORMAT() Function

The FORMAT() function is used to format how a field is to be displayed.

SQL FORMAT() Syntax

SELECT FORMAT(column_name,format) FROM table_name; Parameter Description column_name Required. The field to be formatted. format Required. Specifies the format.

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Products" table: ProductID ProductName SupplierID CategoryID Unit Price 1 Chais 1 1 10 boxes x 20 bags 18 2 Chang 1 1 24 - 12 oz bottles 19 3 Aniseed Syrup 1 2 12 - 550 ml bottles 10 4 Chef Anton's Cajun Seasoning 2 2 48 - 6 oz jars 21.35 5 Chef Anton's Gumbo Mix 2 2 36 boxes 25

SQL FORMAT() Example

The following SQL statement selects the product name, and price for today (formatted like YYYY-MM-DD) from the "Products" table:

Example
SELECT ProductName, Price, FORMAT(Now(),'YYYY-MM-DD') AS PerDate FROM Products;

SQL Quick Reference From W3Schools

Previous Next Chapter SQL Statement AND / OR ALTER TABLE Syntax SELECT column_name(s) FROM table_name WHERE condition AND|OR condition ALTER TABLE table_name

ADD column_name datatype or ALTER TABLE table_name DROP COLUMN column_name SELECT column_name AS column_alias FROM table_name AS (alias) or

SELECT column_name FROM table_name AS table_alias SELECT column_name(s) FROM table_name BETWEEN WHERE column_name BETWEEN value1 AND value2 CREATE DATABASE CREATE DATABASE database_name CREATE TABLE table_name ( column_name1 data_type, CREATE TABLE column_name2 data_type, column_name2 data_type, ... ) CREATE INDEX index_name ON table_name (column_name) CREATE INDEX or CREATE UNIQUE INDEX index_name ON table_name (column_name) CREATE VIEW view_name AS SELECT column_name(s) FROM table_name WHERE condition DELETE FROM table_name WHERE some_column=some_value or DELETE DELETE FROM table_name (Note: Deletes the entire table!!) DELETE * FROM table_name

CREATE VIEW

DROP DATABASE

DROP INDEX

DROP TABLE GROUP BY

HAVING

(Note: Deletes the entire table!!) DROP DATABASE database_name DROP INDEX table_name.index_name (SQL Server) DROP INDEX index_name ON table_name (MS Access) DROP INDEX index_name (DB2/Oracle) ALTER TABLE table_name DROP INDEX index_name (MySQL) DROP TABLE table_name SELECT column_name, aggregate_function(column_name) FROM table_name WHERE column_name operator value GROUP BY column_name SELECT column_name, aggregate_function(column_name) FROM table_name WHERE column_name operator value GROUP BY column_name HAVING aggregate_function(column_name) operator value SELECT column_name(s) FROM table_name WHERE column_name IN (value1,value2,..) INSERT INTO table_name VALUES (value1, value2, value3,....) or INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,....) SELECT column_name(s) FROM table_name1 INNER JOIN table_name2 ON table_name1.column_name=table_name2.column_name SELECT column_name(s) FROM table_name1 LEFT JOIN table_name2 ON table_name1.column_name=table_name2.column_name SELECT column_name(s) FROM table_name1 RIGHT JOIN table_name2 ON table_name1.column_name=table_name2.column_name SELECT column_name(s) FROM table_name1 FULL JOIN table_name2

INSERT INTO

INNER JOIN

LEFT JOIN

RIGHT JOIN

FULL JOIN

ORDER BY SELECT SELECT * SELECT DISTINCT

ON table_name1.column_name=table_name2.column_name SELECT column_name(s) FROM table_name WHERE column_name LIKE pattern SELECT column_name(s) FROM table_name ORDER BY column_name [ASC|DESC] SELECT column_name(s) FROM table_name SELECT * FROM table_name SELECT DISTINCT column_name(s) FROM table_name SELECT * INTO new_table_name [IN externaldatabase] FROM old_table_name or

SELECT INTO

SELECT column_name(s) INTO new_table_name [IN externaldatabase] FROM old_table_name SELECT TOP number|percent column_name(s) SELECT TOP FROM table_name TRUNCATE TABLE TRUNCATE TABLE table_name SELECT column_name(s) FROM table_name1 UNION UNION SELECT column_name(s) FROM table_name2 SELECT column_name(s) FROM table_name1 UNION ALL UNION ALL SELECT column_name(s) FROM table_name2 UPDATE table_name UPDATE SET column1=value, column2=value,... WHERE some_column=some_value SELECT column_name(s) WHERE FROM table_name WHERE column_name operator value Source : http://www.w3schools.com/sql/sql_quickref.asp

SQL Hosting

If you want your web site to be able to store and display data from a database, your web server should have access to a database system that uses the SQL language. If your web server will be hosted by an Internet Service Provider (ISP), you will have to look for SQL hosting plans. The most common SQL hosting databases are MySQL, MS SQL Server, and MS Access. You can have SQL databases on both Windows and Linux/UNIX operating systems. Below is an overview of which database system that runs on which OS. MS SQL Server Runs only on Windows OS. MySQL Runs on Windows, Mac OS X, and Linux/UNIX operating systems. MS Access (recommended only for small websites) Runs only on Windows OS. NEXT

The SELECT DISTINCT statement is used to return only distinct (different) values.

The SQL SELECT DISTINCT Statement

In a table, a column may contain many duplicate values; and sometimes you only want to list the different (distinct) values. The DISTINCT keyword can be used to return only distinct (different) values.

SQL SELECT DISTINCT Syntax

SELECT DISTINCT column_name,column_name FROM table_name;

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table: CustomerID CustomerName Alfreds 1 Futterkiste Ana Trujillo 2 Emparedados y helados Antonio Moreno 3 Taquera 4 Around the Horn 5 Berglunds snabbkp ContactName Address City Berlin PostalCode Country 12209 Germany Mexico Mexico

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Avda. de la Constitucin 2222 Mataderos 2312

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

SELECT DISTINCT Example

The following SQL statement selects only the distinct values from the "City" columns from the "Customers" table:

Example
SELECT DISTINCT City FROM Customers; Try it yourself Previous Next Chapter NEXT

SQL AND & OR Operators

Previous Next Chapter

The AND & OR operators are used to filter records based on more than one condition.

The SQL AND & OR Operators

The AND operator displays a record if both the first condition AND the second condition are true. The OR operator displays a record if either the first condition OR the second condition is true.

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Avda. de la Constitucin 2222 Mataderos 2312

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

AND Operator Example

The following SQL statement selects all customers from the country "Germany" AND the city "Berlin", in the "Customers" table:

Example
SELECT * FROM Customers WHERE Country='Germany' AND City='Berlin'; Try it yourself

OR Operator Example
The following SQL statement selects all customers from the city "Berlin" OR "Mnchen", in the "Customers" table:

Example
SELECT * FROM Customers WHERE City='Berlin' OR City='Mnchen'; Try it yourself

Combining AND & OR

You can also combine AND and OR (use parenthesis to form complex expressions). The following SQL statement selects all customers from the country "Germany" AND the city must be equal to "Berlin" OR "Mnchen", in the "Customers" table:

Example
SELECT * FROM Customers WHERE Country='Germany' AND (City='Berlin' OR City='Mnchen'); Try it yourself Previous Next Chapter

The SQL ORDER BY Keyword

The ORDER BY keyword is used to sort the result-set by one or more columns. The ORDER BY keyword sorts the records in ascending order by default. To sort the records in a descending order, you can use the DESC keyword.

SQL ORDER BY Syntax

SELECT column_name,column_name FROM table_name ORDER BY column_name,column_name ASC|DESC;

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Avda. de la Constitucin 2222 Mataderos 2312

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

ORDER BY Example
The following SQL statement selects all customers from the "Customers" table, sorted by the "Country" column:

Example
SELECT * FROM Customers ORDER BY Country; Try it yourself

ORDER BY DESC Example

The following SQL statement selects all customers from the "Customers" table, sorted DESCENDING by the "Country" column:

Example
SELECT * FROM Customers ORDER BY Country DESC; Try it yourself

ORDER BY Several Columns Example

The following SQL statement selects all customers from the "Customers" table, sorted by the "Country" and the "CustomerName" column:

Example
SELECT * FROM Customers ORDER BY Country,CustomerName;

The SQL INSERT INTO Statement

The INSERT INTO statement is used to insert new records in a table.

SQL INSERT INTO Syntax

It is possible to write the INSERT INTO statement in two forms. The first form does not specify the column names where the data will be inserted, only their values: INSERT INTO table_name VALUES (value1,value2,value3,...); The second form specifies both the column names and the values to be inserted: INSERT INTO table_name (column1,column2,column3,...) VALUES (value1,value2,value3,...);

Demo Database
In this tutorial we will use the well-known Northwind sample database. Below is a selection from the "Customers" table: CustomerID CustomerName ContactName Pirkko 87 Wartian Herkku Koskitalo Wellington 88 Paula Parente Importadora White Clover 89 Karl Jablonski Markets Matti 90 Wilman Kala Karttunen 91 Wolski Zbyszek Address Torikatu 38 City Oulu PostalCode Country 90110 Finland

Rua do Resende 08737-363 Brazil Mercado, 12 305 - 14th Ave. Seattle 98128 USA S. Suite 3B Keskuskatu 45 Helsinki 21240 ul. Filtrowa 68 Walla 01-012 Finland Poland

INSERT INTO Example

Assume we wish to insert a new row in the "Customers" table. We can use the following SQL statement:

Example
INSERT INTO Customers (CustomerName, ContactName, Address, City, PostalCode, Country) VALUES ('Cardinal','Tom B. Erichsen','Skagen 21','Stavanger','4006','Norway'); Try it yourself The selection from the "Customers" table will now look like this: CustomerID CustomerName ContactName Address Pirkko 87 Wartian Herkku Torikatu 38 Koskitalo Wellington Rua do 88 Paula Parente Importadora Mercado, 12 305 - 14th White Clover 89 Karl Jablonski Ave. S. Suite Markets 3B Matti 90 Wilman Kala Keskuskatu 45 Karttunen 91 Wolski Zbyszek ul. Filtrowa 68 92 Cardinal Tom B. Erichsen Skagen 21 City Oulu PostalCode Country 90110 Finland

Resende 08737-363 Brazil Seattle 98128 USA Finland Poland Norway

Helsinki 21240 Walla 01-012

Stavanger 4006

Did you notice that we did not insert any number into the CustomerID field? The CustomerID column is automatically updated with a unique number for each record in the table.

Insert Data Only in Specified Columns

It is also possible to only insert data in specific columns. The following SQL statement will insert a new row, but only insert data in the "CustomerName", "City", and "Country" columns (and the CustomerID field will of course also be updated automatically):

Example
INSERT INTO Customers (CustomerName, City, Country) VALUES ('Cardinal', 'Stavanger', 'Norway'); Try it yourself The selection from the "Customers" table will now look like this: CustomerID CustomerName ContactName Address Pirkko 87 Wartian Herkku Torikatu 38 Koskitalo Wellington Rua do 88 Paula Parente Importadora Mercado, 12 305 - 14th White Clover 89 Karl Jablonski Ave. S. Suite Markets 3B Matti 90 Wilman Kala Keskuskatu 45 Karttunen 91 Wolski Zbyszek ul. Filtrowa 68 92 Cardinal null null City Oulu PostalCode Country 90110 Finland

Resende 08737-363 Brazil Seattle 98128 USA Finland Poland Norway

Helsinki 21240 Walla 01-012

Stavanger null

The SQL UPDATE Statement

The UPDATE statement is used to update existing records in a table.

SQL UPDATE Syntax

UPDATE table_name SET column1=value1,column2=value2,... WHERE some_column=some_value; Notice the WHERE clause in the SQL UPDATE statement! The WHERE clause specifies which record or records that should be updated. If you omit

the WHERE clause, all records will be updated!

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Avda. de la Constitucin 2222 Mataderos 2312

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

SQL UPDATE Example

Assume we wish to update the customer "Alfreds Futterkiste" with a new contact person and city. We use the following SQL statement:

Example
UPDATE Customers SET ContactName='Alfred Schmidt', City='Hamburg' WHERE CustomerName='Alfreds Futterkiste'; Try it yourself The selection from the "Customers" table will now look like this: CustomerID CustomerName ContactName Address City PostalCode Country

2 3 4 5

Alfreds Futterkiste Ana Trujillo Emparedados y helados Antonio Moreno Taquera

Alfred Schmidt Ana Trujillo Antonio Moreno

Obere Str. 57 Avda. de la Constitucin 2222 Mataderos 2312

Hamburg 12209 Mxico 05021 D.F. Mxico 05023 D.F.

Germany Mexico Mexico

Around the Horn Thomas Hardy Berglunds snabbkp Christina Berglund

120 Hanover London Sq. Berguvsvgen Lule 8

WA1 1DP UK S-958 22 Sweden

Update Warning!
Be careful when updating records. If we had omitted the WHERE clause, in the example above, like this: UPDATE Customers SET ContactName='Alfred Schmidt', City='Hamburg'; The "Customers" table would have looked like this: CustomerID CustomerName Alfreds 1 Futterkiste Ana Trujillo 2 Emparedados y helados Antonio Moreno 3 Taquera 4 Around the Horn 5 Berglunds snabbkp ContactName Address Alfred Obere Str. 57 Schmidt Avda. de la Alfred Constitucin Schmidt 2222 Alfred Mataderos 2312 Schmidt Alfred 120 Hanover Schmidt Sq. Alfred Berguvsvgen Schmidt 8 City PostalCode Country Germany Mexico Mexico

Hamburg 12209 Hamburg 05021 Hamburg 05023

Hamburg WA1 1DP UK Hamburg S-958 22 Sweden

The DELETE statement is used to delete rows in a table.

SQL DELETE Syntax

DELETE FROM table_name WHERE some_column=some_value; Notice the WHERE clause in the SQL DELETE statement! The WHERE clause specifies which record or records that should be deleted. If you omit the WHERE clause, all records will be deleted!

Maria Anders Obere Str. 57 Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Avda. de la Constitucin 2222 Mataderos 2312

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

SQL DELETE Example

Assume we wish to delete the customer "Alfreds Futterkiste" from the "Customers" table. We use the following SQL statement:

Example

DELETE FROM Customers WHERE CustomerName='Alfreds Futterkiste' AND ContactName='Maria Anders'; Try it yourself The "Customers" table will now look like this: CustomerID CustomerName Ana Trujillo 2 Emparedados y helados Antonio Moreno 3 Taquera 4 Around the Horn 5 Berglunds snabbkp ContactName Ana Trujillo Antonio Moreno Thomas Hardy Christina Berglund Address Avda. de la Constitucin 2222 Mataderos 2312 City PostalCode Country Mexico Mexico

Mxico 05021 D.F. Mxico 05023 D.F.

120 Hanover London WA1 1DP UK Sq. Berguvsvgen Lule S-958 22 Sweden 8

Delete All Data

It is possible to delete all rows in a table without deleting the table. This means that the table structure, attributes, and indexes will be intact: DELETE FROM table_name; or DELETE * FROM table_name;

SQL in Web Pages

In the previous chapters, you have learned to retrieve (and update) database data, using SQL.

When SQL is used to display data on a web page, it is common to let web users input their own search values. Since SQL statements are text only, it is easy, with a little piece of computer code, to dynamically change SQL statements to provide the user with selected data:

Server Code
txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId; The example above, creates a select statement by adding a variable (txtUserId) to a select string. The variable is fetched from the user input (Request) to the page. The rest of this chapter describes the potential dangers of using user input in SQL statements.

SQL Injection
SQL injection is a technique where malicious users can inject SQL commands into an SQL statements, via web page input. Injected SQL commands can alter SQL statement and compromises the security of a web application.

SQL Injection Based on 1=1 is Always True

Look at the example above, one more time. Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id. If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this: UserId:
105 or 1=1

Server Result
SELECT * FROM Users WHERE UserId = 105 or 1=1

The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true. Does the example above seem dangerous? What if the Users table contains names and passwords? The SQL statement above is much the same as this: SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1 A smart hacker might get access to all the user names and passwords in a database by simply inserting 105 or 1=1 into the input box.

SQL Injection Based on ""="" is Always True

Here is a common construction, used to verify user login to a web site: User Name:

Password:

Server Code
uName = getRequestString("UserName"); uPass = getRequestString("UserPass"); sql = "SELECT * FROM Users WHERE Name ='" + uName + "' AND Pass ='" + uPass + "'" A smart hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box. The code at the server will create a valid SQL statement like this:

Result
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""="" The result SQL is valid. It will return all rows from the table Users, since WHERE ""="" is always true.

SQL Injection Based on Batched SQL

Most databases support batched SQL statement, separated by semicolon.

Example
SELECT * FROM Users; DROP TABLE Suppliers The SQL above will return all rows in the Customers table, and then delete the table called Suppliers. If we had the following server code:

Server Code
txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId; And the following input: User id:
105; DROP

The code at the server would create a valid SQL statement like this:

Result
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers

Parameters for Protection

Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks. This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks), are used in common language, and should be allowed in many types of input. (In fact it should be perfectly legal to input an SQL statement in a database field.)

The only proven way to protect a web site from SQL injection attacks, is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.

ASP.NET Razor Example

txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = @0"; db.Execute(txtSQL,txtUserId); Note that parameters are represented in the SQL statement by a @ marker. The SQL engine checks each parameter to ensure that it is the correct for its column, and are treated literally, and not as part of the SQL to be executed.

Another Example
txtNam = getRequestString("CustomerName"); txtAdd = getRequestString("Address"); txtCit = getRequestString("City"); txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)"; db.Execute(txtSQL,txtNam,txtAdd,txtCit); You have just learned to avoid SQL injection. One of the top website vulnerabilities.

Examples
The following examples shows how to build parameterized queries in some common web languages. ASP.NET SELECT txtUserId = getRequestString("UserId"); sql = "SELECT * FROM Customers WHERE CustomerId = @0"; command = new SqlCommand(sql); command.Parameters.AddWithValue("@0",txtUserID); command.ExecuteReader(); ASP.NET INSERT INTO

txtNam = getRequestString("CustomerName"); txtAdd = getRequestString("Address"); txtCit = getRequestString("City"); txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)"; command = new SqlCommand(txtSQL); command.Parameters.AddWithValue("@0",txtNam); command.Parameters.AddWithValue("@1",txtAdd); command.Parameters.AddWithValue("@2",txtCit); command.ExecuteNonQuery(); PHP INSERT INTO $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)"); $stmt->bindParam(':nam', $txtNam); $stmt->bindParam(':val', $txtAdd); $stmt->bindParam(':cit', $txtCit); $stmt->execute();

OracleSQL Infosys
No ratings yet
OracleSQL Infosys
43 pages
SQL Interview Questions N Answers-Easy
100% (1)
SQL Interview Questions N Answers-Easy
12 pages
Project 4 SQL Queries
No ratings yet
Project 4 SQL Queries
28 pages
Database Concept
No ratings yet
Database Concept
324 pages
Stored Procedures
No ratings yet
Stored Procedures
17 pages
SQL Queries
No ratings yet
SQL Queries
130 pages
SQL Notes ?
No ratings yet
SQL Notes ?
15 pages
Basic SQL: ITCS 201 Web Programming Part II
No ratings yet
Basic SQL: ITCS 201 Web Programming Part II
29 pages
SQL Sever Recent
No ratings yet
SQL Sever Recent
176 pages
Create Int Varchar Date Varchar State Varchar: Emp - Piyush Employeeid Empname 30 Dob City 20 20
100% (1)
Create Int Varchar Date Varchar State Varchar: Emp - Piyush Employeeid Empname 30 Dob City 20 20
10 pages
All in One Interview Question TCS Ninja
No ratings yet
All in One Interview Question TCS Ninja
27 pages
Presentation On Oracle SQL
No ratings yet
Presentation On Oracle SQL
238 pages
Python Question Bank Complete 100 Question
No ratings yet
Python Question Bank Complete 100 Question
23 pages
SQL Script
No ratings yet
SQL Script
10 pages
Correlated Subqueries
0% (1)
Correlated Subqueries
2 pages
SQL Questions
75% (4)
SQL Questions
297 pages
CTE in SQL Server - CodeProject
No ratings yet
CTE in SQL Server - CodeProject
8 pages
SkyEssPythonSyllabus 1
No ratings yet
SkyEssPythonSyllabus 1
10 pages
What Is Difference Between TRUNCATE & DELETE?: Oracle PL SQL Interview Questions For 3+ Years
No ratings yet
What Is Difference Between TRUNCATE & DELETE?: Oracle PL SQL Interview Questions For 3+ Years
16 pages
Subqueries
No ratings yet
Subqueries
22 pages
Best2 Toppers SQL-interview-Question
No ratings yet
Best2 Toppers SQL-interview-Question
47 pages
SQL
No ratings yet
SQL
141 pages
SQ L Normalization
100% (1)
SQ L Normalization
9 pages
Different Types of SQL Joins
No ratings yet
Different Types of SQL Joins
12 pages
PL SQL Exercise by Unsw
No ratings yet
PL SQL Exercise by Unsw
5 pages
SQL For Everyone (Definitive Guide)
No ratings yet
SQL For Everyone (Definitive Guide)
10 pages
Advance SQL
No ratings yet
Advance SQL
103 pages
41 Essential SQL Interview Questions and Answers - Toptal®
100% (1)
41 Essential SQL Interview Questions and Answers - Toptal®
26 pages
SQL WW3 Schools
100% (1)
SQL WW3 Schools
34 pages
T-SQL Interview Questions and Answers
No ratings yet
T-SQL Interview Questions and Answers
3 pages
Murali Sir Oracle 11g Notes PDF
100% (1)
Murali Sir Oracle 11g Notes PDF
372 pages
SQL Refresher Complete Notes PDF
No ratings yet
SQL Refresher Complete Notes PDF
352 pages
SQL Query Interview Questions and Answers
No ratings yet
SQL Query Interview Questions and Answers
14 pages
Types of SQL Commands
No ratings yet
Types of SQL Commands
56 pages
Introduction of Structured Query Language: SQL Practical File
No ratings yet
Introduction of Structured Query Language: SQL Practical File
18 pages
SQL Server Syllabus: Module 1:-Introduction To Basic Database Concepts
No ratings yet
SQL Server Syllabus: Module 1:-Introduction To Basic Database Concepts
3 pages
Basic SQL
No ratings yet
Basic SQL
12 pages
Aim: To Write A PL/SQL Program For Display The Multiplication Tables Up To Given Number. Procedure
No ratings yet
Aim: To Write A PL/SQL Program For Display The Multiplication Tables Up To Given Number. Procedure
19 pages
Data Cleaning in SQL
No ratings yet
Data Cleaning in SQL
21 pages
PLSQL Introduction Final
No ratings yet
PLSQL Introduction Final
81 pages
ADD Add Constraint Alter: Keyword Description
No ratings yet
ADD Add Constraint Alter: Keyword Description
5 pages
LAB#4
No ratings yet
LAB#4
5 pages
SQL Questions
No ratings yet
SQL Questions
4 pages
SQL Table
0% (1)
SQL Table
5 pages
Ex - No-1 Data Definition, Table Creation, Constraints
No ratings yet
Ex - No-1 Data Definition, Table Creation, Constraints
14 pages
PL SQL Assignments
No ratings yet
PL SQL Assignments
64 pages
SQL NOTES by Example
No ratings yet
SQL NOTES by Example
12 pages
B: O: D: / M: A: + S: - : Precedence: BODMAS
No ratings yet
B: O: D: / M: A: + S: - : Precedence: BODMAS
17 pages
SQL Self Joins
100% (1)
SQL Self Joins
2 pages
SQL Subquery
No ratings yet
SQL Subquery
4 pages
SQL Queries Gcreddy
No ratings yet
SQL Queries Gcreddy
11 pages
Introduction To RDBMS Participant Guide
No ratings yet
Introduction To RDBMS Participant Guide
182 pages
Questions
No ratings yet
Questions
7 pages
1-PLSQL Interview 3680
No ratings yet
1-PLSQL Interview 3680
40 pages
DBMS SQL Practice Questions Shivani
No ratings yet
DBMS SQL Practice Questions Shivani
10 pages
SQL and PLSQL
No ratings yet
SQL and PLSQL
129 pages
Sql Plsql Oracle
From Everand
Sql Plsql Oracle
Andrew Igla
No ratings yet
ORACLE 12C Complete Self-Assessment Guide
From Everand
ORACLE 12C Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Beginning Microsoft SQL Server 2012 Programming
From Everand
Beginning Microsoft SQL Server 2012 Programming
Paul Atkinson
1/5 (1)
Oracle Essbase 9 Implementation Guide
From Everand
Oracle Essbase 9 Implementation Guide
Joseph Sydney Gomez
No ratings yet
Backup Mechanism in Database
No ratings yet
Backup Mechanism in Database
17 pages
SQL PerfMon Counters ReadyRef Ver 11
No ratings yet
SQL PerfMon Counters ReadyRef Ver 11
32 pages
DBMS Quiz
100% (3)
DBMS Quiz
2 pages
Erro Alteração Cadastro
No ratings yet
Erro Alteração Cadastro
803 pages
Introduction To File and Database Systems
No ratings yet
Introduction To File and Database Systems
26 pages
K1 & K2 Bit Description
No ratings yet
K1 & K2 Bit Description
5 pages
Server 2003
No ratings yet
Server 2003
3 pages
Create Multiple Purchase Orders in SAP
No ratings yet
Create Multiple Purchase Orders in SAP
11 pages
TI093 - ConfigMgr Questions
No ratings yet
TI093 - ConfigMgr Questions
7 pages
Ex Te ND Ed: Access Lists
No ratings yet
Ex Te ND Ed: Access Lists
42 pages
Multiple Pointers To A Variable
No ratings yet
Multiple Pointers To A Variable
20 pages
SC Ghost Garden
No ratings yet
SC Ghost Garden
20 pages
Mic Report
No ratings yet
Mic Report
8 pages
PLSQL Tutorial
No ratings yet
PLSQL Tutorial
120 pages
RecoverPoint 5.1 Customer Installation and Upgrade Guide
No ratings yet
RecoverPoint 5.1 Customer Installation and Upgrade Guide
42 pages
MS Access Functions Reference
No ratings yet
MS Access Functions Reference
5 pages
Dump 1
No ratings yet
Dump 1
31 pages
EC723 Multimedia Systems (3 0 0 3) : Course Learning Outcome
No ratings yet
EC723 Multimedia Systems (3 0 0 3) : Course Learning Outcome
1 page
2010 HSC Multimedia (Specimen)
No ratings yet
2010 HSC Multimedia (Specimen)
14 pages
Admin Org
No ratings yet
Admin Org
2 pages
Asa Remote Access VPN Technologies: SSLVPN Webvpn Ipsecvpn: Security Consulting Se Ccie, Cissp
No ratings yet
Asa Remote Access VPN Technologies: SSLVPN Webvpn Ipsecvpn: Security Consulting Se Ccie, Cissp
43 pages
Qno. 5 SQL 2014 Q.Paper: (B) Write The SQL Queries (1 To 4)
No ratings yet
Qno. 5 SQL 2014 Q.Paper: (B) Write The SQL Queries (1 To 4)
37 pages
CSNX Training Release Notes V4.X
No ratings yet
CSNX Training Release Notes V4.X
7 pages
Database Systems: Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel
No ratings yet
Database Systems: Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel
50 pages
IBM Cognos Business Intelligence 10.2.2 Curriculum: Job Role
No ratings yet
IBM Cognos Business Intelligence 10.2.2 Curriculum: Job Role
3 pages
Data Domain Health Check
No ratings yet
Data Domain Health Check
6 pages
DBMS Unit 1 Database System Architecture GTU Study Material Presentations
No ratings yet
DBMS Unit 1 Database System Architecture GTU Study Material Presentations
38 pages
List of Basic Software Modules, V1.0.0
No ratings yet
List of Basic Software Modules, V1.0.0
10 pages
Buffer Overflow Attacks
No ratings yet
Buffer Overflow Attacks
2 pages
Var 3 MS
No ratings yet
Var 3 MS
10 pages