Query to search an entire DB for a string - oracle

I've been tasked to do a bit of data discovery work. I'm working with our in house application, and I need to determine the first few tables that get hit when we do specific actions in the application. I have no intimate knowledge with the DB other than the fact that there are 1000 different tables I need to account for.
During my search, I came across this link https://lalitkumarb.wordpress.com/2015/01/06/sql-to-search-for-a-value-in-all-columns-of-all-atbles-in-an-entire-schema/
Which is exactly what I need, but when I run it it's not returning any data. I've confirmed that it's not working as intended by going and grabbing some data that I KNOW is in the DB and searching for that.
Here's the query I'm running
SELECT DISTINCT SUBSTR (:val, 1, 11) "Searchword",
SUBSTR (table_name, 1, 14) "Table",
SUBSTR (column_name, 1, 14) "Column"
FROM cols,
TABLE (xmlsequence (dbms_xmlgen.getxmltype ('select '
|| column_name
|| ' from '
|| table_name
|| ' where upper('
|| column_name
|| ') like upper(''%'
|| :val
|| '%'')' ).extract ('ROWSET/ROW/*') ) )
ORDER BY "Table"
/
When I execute this query, TOAD pops up with a Variables screen in which I specify the type and value of :val. I hit OK, the query executes and returns nothing.
Am I missing something?

Related

In Oracle execution time for finding a data inside comma seperated column taking too long

I am trying to find out if the list of data is in comma separated column. I have a code select * from my_table where (regexp_substr ( listcolumn, '[^,]+', 1, level ) in ('a','d')) connect by level <= regexp_count(listcolumn, ',') + 1; and table with a lot data. The problem is it works for small data table but it is taking too much time to execute for a lot a table with a lot of data. I am not expert in database. so can you please help to how to resolve this problem. Thank you in advance.
Don't split the string, look for a sub-string match (with the surrounding delimiters so that you match entire terms):
SELECT *
FROM my_table
WHERE ',' || listcolumn || ',' LIKE '%,' || 'a' || ',%'
OR ',' || listcolumn || ',' LIKE '%,' || 'd' || ',%';

PLSQL Date Filter Error

I have a table with data since 2012. I need to get data in this table from 31 days back from given date. so i wrote below query to get data.
select ('[' || work_date || '] ' || field_name || ' - ' ||work_desc) d
from DAILY_WORK
where TO_CHAR(work_date,'DD/MM/YYYY') >= TO_CHAR(to_date('30-Jan-13','dd-MON-yyyy') - (31),'DD/MM/YYYY')
order by work_date desc
When i execute this query, it returns data in below dates only.
31-AUG-12
31-OCT-12
30-DEC-12
31-DEC-12
But actually i need to get data from 2012-12-30 to 2013-01-30.
How could i do this ?
use this:
select ('[' || to_char(work_date, 'dd-MON-yyyy') || '] ' || field_name || ' - ' ||work_desc) d
from DAILY_WORK
where work_date >= to_date('30-Jan-2013','dd-MON-yyyy') - 31
order by work_date desc
You can use the below query:
select * from DAILY_WORK where work_date >= TRUNC(to_date('01-30-2013','MM/DD/YYYY')) - 31
Check date format which tool you are using As per tool i am using date format is 'MM/DD/YYYY'
This query give correct result.You can check.

How to use SELECT result record as DECODE parameters?

Is it possible to use SELECT result as DECODE parameters when this SELECT returns only one record with prepared string?
For example:
SELECT replace(replace(serialized_data)..)..) as result FROM table
Returns following result in ONE ROW:
0,'label0',1,'label1',2,'label2'
But when I put this to DECODE it's being interpreted as ONE PARAMETER.
Is there possiblity to convert this result "string" to "pure" sql code? ;)
Thanks for any help.
You could kind of replicate decode by use of instr and substr. An example below (which could probably be tidied up considerably but works):
select DTXT
,Nvl(
Substr(
DTXT
,Instr(DTXT, SEARCHTXT || VALMTCH)
+ Length(SEARCHTXT || VALMTCH)
, Instr(DTXT, VALSEP, Instr(DTXT, SEARCHTXT || VALMTCH))
- Instr(DTXT, SEARCHTXT || VALMTCH)
- Length(SEARCHTXT || VALMTCH))
,CASEOTHER)
as TXTMATCH
from (select '0=BLACK;1=GREEN;2=YELLOW;' as DTXT
,'1' as SEARCHTXT
,';' as VALSEP
,'=' as VALMTCH
,'OTHER' as CASEOTHER
from Dual)
You do need to have a semi-colon (VALSEP) at the end of the text though to ensure you can find the last value (though it's possible to work around that if I looked into it further).
list_agg or wm_concat depending on version of oracle.
http://docs.oracle.com/cd/E14072_01/server.112/e10592/functions087.htm
You can use dynamic SQL:
declare
DECTXT varchar2(4000);
begin
select replace(replace(serialized_data)..)..) as result into dectxt from table;
execute immediate 'select decode(col1,' || DECTXT || ') from tab1';
end;
This is just a quick example, not showing any output, etc.

PL/SQL query IN comma deliminated string

I am developing an application in Oracle APEX. I have a string with user id's that is comma deliminated which looks like this,
45,4932,20,19
This string is stored as
:P5_USER_ID_LIST
I want a query that will find all users that are within this list my query looks like this
SELECT * FROM users u WHERE u.user_id IN (:P5_USER_ID_LIST);
I keep getting an Oracle error: Invalid number. If I however hard code the string into the query it works. Like this:
SELECT * FROM users u WHERE u.user_id IN (45,4932,20,19);
Anyone know why this might be an issue?
A bind variable binds a value, in this case the string '45,4932,20,19'. You could use dynamic SQL and concatenation as suggested by Randy, but you would need to be very careful that the user is not able to modify this value, otherwise you have a SQL Injection issue.
A safer route would be to put the IDs into an Apex collection in a PL/SQL process:
declare
array apex_application_global.vc_arr2;
begin
array := apex_util.string_to_table (:P5_USER_ID_LIST, ',');
apex_collection.create_or_truncate_collection ('P5_ID_COLL');
apex_collection.add_members ('P5_ID_COLL', array);
end;
Then change your query to:
SELECT * FROM users u WHERE u.user_id IN
(SELECT c001 FROM apex_collections
WHERE collection_name = 'P5_ID_COLL')
An easier solution is to use instr:
SELECT * FROM users u
WHERE instr(',' || :P5_USER_ID_LIST ||',' ,',' || u.user_id|| ',', 1) !=0;
tricks:
',' || :P5_USER_ID_LIST ||','
to make your string ,45,4932,20,19,
',' || u.user_id|| ','
to have i.e. ,32, and avoid to select the 32 being in ,4932,
I have faced this situation several times and here is what i've used:
SELECT *
FROM users u
WHERE ','||to_char(:P5_USER_ID_LIST)||',' like '%,'||to_char(u.user_id)||',%'
ive used the like operator but you must be a little carefull of one aspect here: your item P5_USER_ID_LIST must be ",45,4932,20,19," so that like will compare with an exact number "',45,'".
When using it like this, the select will not mistake lets say : 5 with 15, 155, 55.
Try it out and let me know how it goes;)
Cheers ,
Alex
Create a native query rather than using "createQuery/createNamedQuery"
The reason this is an issue is that you cannot just bind an in list the way you want, and just about everyone makes this mistake at least once as they are learning Oracle (and probably SQL!).
When you bind the string '32,64,128', it effectively becomes a query like:
select ...
from t
where t.c1 in ('32,64,128')
To Oracle this is totally different to:
select ...
from t
where t.c1 in (32,64,128)
The first example has a single string value in the in list and the second has a 3 numbers in the in list. The reason you get an invalid number error is because Oracle attempts to cast the string '32,64,128' into a number, which it cannot do due to the commas in the string.
A variation of this "how do I bind an in list" question has come up on here quite a few times recently.
Generically, and without resorting to any PLSQL, worrying about SQL Injection or not binding the query correctly, you can use this trick:
with bound_inlist
as
(
select
substr(txt,
instr (txt, ',', 1, level ) + 1,
instr (txt, ',', 1, level+1) - instr (txt, ',', 1, level) -1 )
as token
from (select ','||:txt||',' txt from dual)
connect by level <= length(:txt)-length(replace(:txt,',',''))+1
)
select *
from bound_inlist a, users u
where a.token = u.id;
If possible the best idea may be to not store your user ids in csv! Put them in a table or failing that an array etc. You cannot bind a csv field as a number.
Please dont use: WHERE ','||to_char(:P5_USER_ID_LIST)||',' like '%,'||to_char(u.user_id)||',%' because you'll force a full table scan although with the users table you may not have that many so the impact will be low but against other tables in an enterprise environment this is a problem.
EDIT: I have put together a script to demonstrate the differences between the regex method and the wildcard like method. Not only is regex faster but it's also a lot more robust.
-- Create table
create table CSV_TEST
(
NUM NUMBER not null,
STR VARCHAR2(20)
);
create sequence csv_test_seq;
begin
for j in 1..10 loop
for i in 1..500000 loop
insert into csv_test( num, str ) values ( csv_test_seq.nextval, to_char( csv_test_seq.nextval ));
end loop;
commit;
end loop;
end;
/
-- Create/Recreate primary, unique and foreign key constraints
alter table CSV_TEST
add constraint CSV_TEST_PK primary key (NUM)
using index ;
alter table CSV_TEST
add constraint CSV_TEST_FK unique (STR)
using index;
select sysdate from dual;
select *
from csv_test t
where t.num in ( Select Regexp_Substr('100001, 100002, 100003 , 100004, 100005','[^,]+', 1, Level) From Dual
Connect By Regexp_Substr('100001, 100002,100003, 100004, 100005', '[^,]+', 1, Level) Is Not Null);
select sysdate from dual;
select *
from csv_test t
where ('%,' || '100001,100002, 100003, 100004 ,100005' || ',%') like '%,' || num || ',%';
select sysdate from dual;
select *
from csv_test t
where t.num in ( Select Regexp_Substr('100001, 100002, 100003 , 100004, 100005','[^,]+', 1, Level) From Dual
Connect By Regexp_Substr('100001, 100002,100003, 100004, 100005', '[^,]+', 1, Level) Is Not Null);
select sysdate from dual;
select *
from csv_test t
where ('%,' || '100001,100002, 100003, 100004 ,100005' || ',%') like '%,' || num || ',%';
select sysdate from dual;
drop table csv_test;
drop sequence csv_test_seq;
Solution from Tony Andrews works for me. The process should be added to "Page processing" >> "After submit">> "Processes".
As you are Storing User Ids as String so You can Easily match String Using Like as Below
SELECT * FROM users u WHERE u.user_id LIKE '%'||(:P5_USER_ID_LIST)||'%'
For Example
:P5_USER_ID_LIST = 45,4932,20,19
Your Query Surely Will return Any of 1 User Id which Matches to Users table
This Will Surely Resolve Your Issue , Enjoy
you will need to run this as dynamic SQL.
create the entire string, then run it dynamically.

Looking for tips on debugging Oracle row-level security functions

I'm looking for tips in debugging some of my row-level security predicates in an Oracle database. These predicates use a few concepts to determine whether the current user can see a record:
current user's Oracle username
current user's assigned Oracle roles
current user's affiliation with a record in one or more tables
I'm having trouble debugging this kind of thing on real data because I can't figure out a good way to simulate actually seeing what a specific user could see. So, I'm looking for tips. Is there a good basic framework for this kind of thing?
Here's an example of one of my predicates:
predicate := 'project_id in (' ||
'(select upr.projectid project_id ' ||
'from chemreg.usergroups_projects_vu upr, ' ||
' chemreg.usergroups_personnel_vu upe, ' ||
' chemreg.personnel pe ' ||
'where upr.usergroupid = upe.usergroup_id ' ||
' and upe.personnel_id = pe.person_id ' ||
' and upper(pe.username) = USER) ' ||
'union ' ||
'(select project_id from chemreg.project ' ||
'where active = ''Y'' and private = ''N'' ) )';
If you're trying to work out why some rows are appearing when they shouldn't, and/or why some rows are not appearing when they should, try this:
Remove all the row-level security predicates.
Run the queries, but add in the row-level security predicates by hand.
Check the results.
You can then easily change the predicates one by one (e.g. comment out individual bits) until you work out why they are giving the unexpected results.

Resources