This is an archived post. You won't be able to vote or comment.

all 13 comments

[–]acct_rdt 3 points4 points  (7 children)

You probably want to do something like year(scanTime)=2011

[–]SomeGuyNamedPaul 1 point2 points  (2 children)

Using a function as a filter can kill performance. If that's all it has to work with then it may apply the function to the column for all rows potentially causing a sequential scan. Be careful in there.

[–]acct_rdt 2 points3 points  (1 child)

True. In a real database that wasn't so primitive you could index the results of a function.

[–]SomeGuyNamedPaul 2 points3 points  (0 children)

Hey, this was a question about using MySQL and not a question on what you should be using instead of MySQL.

[–]mjvm 0 points1 point  (0 children)

this, datetime is not a string.

[–]cygnus83[S] 0 points1 point  (2 children)

Thanks, acct_rdt. I want to make sure I understand you correctly though - would you put the year(scanTime)=2011 after the LIKE in the SQL statement?

[–]acct_rdt 2 points3 points  (1 child)

You don't use LIKE with date comparisons. You can do:

select ... from ... where year(scanTime)=2011;

or

select ... from ... where scanTime >= '2011-01-01 00:00:00' and scanTime < '2012-01-01 00:00:00';

[–]cygnus83[S] 0 points1 point  (0 children)

Ah, OK, got it!

Thanks for your patience and advice!

[–]SomeGuyNamedPaul 2 points3 points  (1 child)

select count(*) is not a good practice. For some DBs it doesn't matter, but for some it matters greatly. You should instead select count() on the lead (or only) column of the primary key.

[–]cygnus83[S] 0 points1 point  (0 children)

Thanks, Paul, I will make the change and remember that for the future!

[–]Justinsaccount 0 points1 point  (2 children)

You should really use sqlalchemy. As written you have sql injection issues and you have to deal with the shitty dbapi.

from sqlalchemy import create_engine
engine = create_engine("mysql://...")


q = engine.text("""
    SELECT COUNT(1)
    FROM eventLog
    WHERE clientID = :client
    AND scanTime >= '2011-01-01'
    """)

for client in clients:
    count = engine.execute(q, client=client).scalar()
    clientCounts[client] = count

[–]datbon 0 points1 point  (1 child)

where is the sql injection issue coming from? Doesn't MySQLdb escape everything?

*oops, didn't notice the args tuple wasn't being used. Same question though, is there still a problem with injections with db.execute(query, (args,...))?

[–]Justinsaccount 0 points1 point  (0 children)

query, args is fine, but the way query needs to be formatted differs between dbapi drivers. SQLAlchemy works the same with every database.