BrainPill 1 Posted February 23, 2018 Report Share Posted February 23, 2018 If I use the following commands: ALTER TABLE yourtab CHANGE `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab MODIFY `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab CHANGE COLUMN `$colname1` `$colname2` VARCHAR(20) NOT NULL; And because I use a variable inside a loop I can change an array of column names. The challenge I'm facing is that VARCHAR or other type formats are obviously obliged. is that true? Is there a possibility to change a column name and keep the type set as the original table create settings? Quote Link to post Share on other sites
justsomeguy 1,135 Posted February 23, 2018 Report Share Posted February 23, 2018 It looks like the column definition is required. Quote Link to post Share on other sites
BrainPill 1 Posted February 23, 2018 Author Report Share Posted February 23, 2018 I see this as a problem of mysql. Is there a database system that does not have this problem? Quote Link to post Share on other sites
justsomeguy 1,135 Posted February 23, 2018 Report Share Posted February 23, 2018 I don't know. I do know that the only time I've seen an application try to dynamically change the database structure, the problems stacked up quickly. Your database design shouldn't need to be changed ideally. Quote Link to post Share on other sites
BrainPill 1 Posted February 23, 2018 Author Report Share Posted February 23, 2018 1 hour ago, justsomeguy said: I don't know. I do know that the only time I've seen an application try to dynamically change the database structure, the problems stacked up quickly. Your database design shouldn't need to be changed ideally. My goal is to make column names, tablenames and database names variable. I use escape functions and I created filters myself to avoid wrong input in the database. As an extra security measure I would like to have a few scripts to change column, table and database names , making it easier to mitigate sql attacks. You say the problems stack up quickly. But what do you try to say with that? What problems do you mean? Quote Link to post Share on other sites
justsomeguy 1,135 Posted February 23, 2018 Report Share Posted February 23, 2018 My goal is to make column names, tablenames and database names variable. Why is that a goal? Specifically, what problem are you trying to solve by making those things variable? As an extra security measure I would like to have a few scripts to change column, table and database names , making it easier to mitigate sql attacks. Why do you think that would mitigate SQL attacks? We already have well-known and easy ways to protect against things like SQL injection attacks, what does changing identifier names add to that? If someone is able to attack your database and the only thing stopping them is identifier names (which are relatively easy to figure out if they can already attack your database), the solution is to make it impossible to attack the database in the first place instead of trying to hide the names. You say the problems stack up quickly. But what do you try to say with that? What problems do you mean? I've worked with an application which added tables as needed. When you have several thousand tables all holding similar data then database maintenance becomes a nightmare. That application was poorly designed. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.