BrainPill Posted February 23, 2018 Share Posted February 23, 2018 If I use the following commands: ALTER TABLE yourtab CHANGE `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab MODIFY `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab CHANGE COLUMN `$colname1` `$colname2` VARCHAR(20) NOT NULL; And because I use a variable inside a loop I can change an array of column names. The challenge I'm facing is that VARCHAR or other type formats are obviously obliged. is that true? Is there a possibility to change a column name and keep the type set as the original table create settings? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 23, 2018 Share Posted February 23, 2018 It looks like the column definition is required. Link to comment Share on other sites More sharing options...
BrainPill Posted February 23, 2018 Author Share Posted February 23, 2018 I see this as a problem of mysql. Is there a database system that does not have this problem? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 23, 2018 Share Posted February 23, 2018 I don't know. I do know that the only time I've seen an application try to dynamically change the database structure, the problems stacked up quickly. Your database design shouldn't need to be changed ideally. Link to comment Share on other sites More sharing options...
BrainPill Posted February 23, 2018 Author Share Posted February 23, 2018 1 hour ago, justsomeguy said: I don't know. I do know that the only time I've seen an application try to dynamically change the database structure, the problems stacked up quickly. Your database design shouldn't need to be changed ideally. My goal is to make column names, tablenames and database names variable. I use escape functions and I created filters myself to avoid wrong input in the database. As an extra security measure I would like to have a few scripts to change column, table and database names , making it easier to mitigate sql attacks. You say the problems stack up quickly. But what do you try to say with that? What problems do you mean? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 23, 2018 Share Posted February 23, 2018 My goal is to make column names, tablenames and database names variable. Why is that a goal? Specifically, what problem are you trying to solve by making those things variable? As an extra security measure I would like to have a few scripts to change column, table and database names , making it easier to mitigate sql attacks. Why do you think that would mitigate SQL attacks? We already have well-known and easy ways to protect against things like SQL injection attacks, what does changing identifier names add to that? If someone is able to attack your database and the only thing stopping them is identifier names (which are relatively easy to figure out if they can already attack your database), the solution is to make it impossible to attack the database in the first place instead of trying to hide the names. You say the problems stack up quickly. But what do you try to say with that? What problems do you mean? I've worked with an application which added tables as needed. When you have several thousand tables all holding similar data then database maintenance becomes a nightmare. That application was poorly designed. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now