docs.roxen.comBack to normal mode
DocsRoxen2.1TutorialsDatabase Tutorial
Copyright © 2001, Roxen Internet Software
Suggestions, comments & compliments
manuals@roxen.com

Insertion Syntax

While data extraction queries enforce the relationships between the tables in a database, data insertion queries do not. Data is always inserted into a table, never into a relation.

This fact is reflected in the SQL syntax for an insertion query. There are of course a few variations:

INSERT INTO table VALUES (value [, value ...])

is the basic version. It only allows to specify all the values in a table row. The values' order is of course relevant: it must correspond to the order the columns were defined in when the table was created.

Sometimes it's preferrable not to specify data for all the columns: data may be unknown, automatically completed by the server (unique IDs, timestamps, ...) or the default value might be acceptable for some columns. This can be obtained with the alternate syntax:

INSERT INTO table (column [, column ...]) VALUES (value [, value ...])

A value must be supplied for each column specified in the columns-list. Unspecified columns will be assigned the default value or NULL. If no default value is specified and NULL is declared invalid for a column, an error will be thrown when trying to insert.

A particular form of subquery can be used to fill in a table (usually temporary tables). This is the only form of subquery supported by the MySQL database. The syntax is:

INSERT INTO table [(column [, column ...])] SELECT ...

There are a few limitations for the SELECT query, check your server's of choice manual to know more about them.

An insert-type query doesn't return any results, so you should use SQLQUERY in RXML, or not expect any results if you're using Pike. Also, you have to watch out and Quoting quote the values you're inserting. Program errors and possible security breaches are possible of no proper quoting is used.

Insertion Query with Pike

This program was used to build the sample database, and as such it's hackishly raw. It takes the contents of a file named "country-codes.data" in the current directory. That file has one entry per row, with two tab-separated fields (country code and country name). Those same data are dumped into the sample database. 

 int main () {
  object o=Sql.sql("mysql://user:password@localhost/sample");
  array(string) rows=Stdio.read_file("countries-codes.data")/"\n";
  rows-=({""});
  foreach (rows,string row) {
    array(string)fields=row/"\t";
    o->query("insert into ids(code,name) values ('"+fields[0]+"','"+
      o->quote(fields[1])+"')");
  }
}

Insertion Query with RXML

Performing insertion queries with RXML must be considered with extreme caution: while it is a great system, it is undoubtably less flexible than the Pike programming language.

This simple RXML page will allow you to insert a new country - country code entry into the sample database: 


<form action="/roxen/2.1/tutorial/database/syntax.xml method="post">
Country name: <insert name="name"><br>
Country code: <insert name="code" maxlength=2><br>
<input type=submit><input type=cancel>
</form>

<if variable="form.name">
<!--we're inserting data here-->
<sqlquery host="mysql://user:password@localhost/sample"
  query="insert into ids(code,name) values ('','')"/>
</if>

Notice that while this sample works, and can be used in a development/internal environment, it is not suited to be used in a production environment: events such as a duplicate entry will cause uncaught exceptions, which could potentially leak information such as the database's password or the implementation internals.

See the catch tag to address these issues.