我想从一个MySQL数据库的所有表的所有字段搜索一个给定的字符串,可能使用语法为:
SELECT * FROM * WHERE * LIKE '%stuff%'
有可能做这样的事情吗?
当前回答
即使下面的建议不应该被认为是最终的解决方案,你也可以通过这样做来实现目标:
SET SESSION group_concat_max_len = 1000000;
SET @search = 'Text_To_Search';
DROP table IF EXISTS table1;
CREATE TEMPORARY TABLE table1 AS
(SELECT
CONCAT('SELECT \'',TABLE_NAME,'\' as \'table_name\',\'',COLUMN_NAME,'\' as \'column_name\',CONVERT(count(*),char) as \'matches\' FROM `',
TABLE_NAME,'` where `',COLUMN_NAME,'` like \'%',@search,'%\' UNION ') as 'query'
FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = 'db_name' limit 1000000);
set @query = (SELECT GROUP_CONCAT(t1.`query` SEPARATOR '') as 'final_query' from table1 t1 limit 1);
set @query = (SELECT SUBSTRING(@query, 1, length(@query) - 7));
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
请记住:
选项:group_concat_max_len和limit 1000000并不总是必需的,这将取决于您的服务器/IDE配置。以防我加进去。 执行此命令后,您将得到一个3列响应:[table_name], [column_name], [matches] 列'matches'是给定表/列中出现的次数。 这个查询非常快。
免责声明:它只对个人使用有用,换句话说,请不要在生产系统中使用它,因为考虑到搜索参数与其他字符串连接,它对SQL注入攻击很敏感。 如果你想创建一个prod. ready函数,那么你需要创建一个带有LOOP的存储过程。
其他回答
您可以查看information_schema模式。它包含所有表和表中所有字段的列表。然后,您可以使用从该表中获得的信息运行查询。
涉及的表包括SCHEMATA、tables和COLUMNS。有一些外键,这样您就可以在模式中准确地构建表的创建方式。
我也做了我自己的mysql爬虫来搜索一些wordpress配置,在界面和数据库中都无法找到它,数据库转储太沉重和不可读。我得说我现在不能没有它。
它的工作原理类似于@Olivier,但它管理外来的数据库/表名,并且是像小丑一样安全。
<?php
$database = 'database';
$criteria = '*iemblo'; // you can use * and ? as jokers
$dbh = new PDO("mysql:host=127.0.0.1;dbname={$database};charset=utf8", 'root', '');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$tables = $dbh->query("SHOW TABLES");
while (($table = $tables->fetch(PDO::FETCH_NUM)) !== false)
{
$fields = $dbh->prepare("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?");
$fields->execute(array ($database, $table[0]));
$ors = array ();
while (($field = $fields->fetch(PDO::FETCH_NUM)) !== false)
{
$ors[] = str_replace("`", "``", $field[0]) . " LIKE REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(:search, '\\\\', '\\\\\\\\'), '%', '\\%'), '_', '\\_'), '*', '%'), '?', '_')";
}
$request = 'SELECT * FROM ';
$request .= str_replace("`", "``", $table[0]);
$request .= ' WHERE ';
$request .= implode(' OR ', $ors);
$rows = $dbh->prepare($request);
$rows->execute(array ('search' => $criteria));
$count = $rows->rowCount();
if ($count == 0)
{
continue;
}
$str = "Table '{$table[0]}' contains {$count} rows matching '{$criteria}'.";
echo str_repeat('-', strlen($str)), PHP_EOL;
echo $str, PHP_EOL;
echo str_repeat('-', strlen($str)), PHP_EOL;
$counter = 1;
while (($row = $rows->fetch(PDO::FETCH_ASSOC)) !== false)
{
$col = 0;
$title = "Row #{$counter}:";
echo $title;
foreach ($row as $column => $value)
{
echo
(($col++ > 0) ? str_repeat(' ', strlen($title) + 1) : ' '),
$column, ': ',
trim(preg_replace('!\s+!', ' ', str_replace(array ("\r", "\t", "\n"), array ("", "", " "), $value))),
PHP_EOL;
}
echo PHP_EOL;
$counter++;
}
}
运行这个脚本可以输出如下内容:
---------------------------------------------------
Table 'customers' contains 1 rows matching '*iemblo'.
---------------------------------------------------
Row #1: email_client: my@email.com
numero_client_compta: C05135
nom_client: Tiemblo
adresse_facturation_1: 151, My Street
adresse_facturation_2:
ville_facturation: Nantes
code_postal_facturation: 44300
pays_facturation: FR
numero_tva_client:
zone_geographique: UE
prenom_client: Alain
commentaires:
nom_societe:
email_facturation: my@email.com
12年过去了,还没有人发帖回答下面这个问题:
我想从MySQL数据库的所有表中搜索给定字符串的所有字段
答案包括gui、模糊的概念、语法错误、需要表名或前缀的过程以及各种扭曲。下面是一个实际的、有效的、经过测试的、简单易用的答案,它建立在多个先前的答案的基础上,同时还将主键添加到结果中。
DROP PROCEDURE IF EXISTS findAll;
DELIMITER $$
CREATE PROCEDURE findAll( IN `search` TEXT )
BEGIN
SET SESSION group_concat_max_len := @@max_allowed_packet;
SELECT GROUP_CONCAT(
"SELECT '", c1.TABLE_NAME, "' AS `table`, '", c1.COLUMN_NAME, "' AS `column`, ",
"CONCAT_WS(',', ", (SELECT GROUP_CONCAT(c2.column_name) FROM `information_schema`.`columns` c2 WHERE c1.TABLE_SCHEMA=c2.TABLE_SCHEMA AND c1.TABLE_NAME=c2.TABLE_NAME AND c2.COLUMN_KEY='PRI') ,") AS pri,",
c1.COLUMN_NAME, " AS value FROM ", c1.TABLE_NAME,
" WHERE `",c1.COLUMN_NAME,"` LIKE '%", search, "%'" SEPARATOR "\nUNION\n") AS col
INTO @sql
FROM information_schema.columns c1
WHERE c1.TABLE_SCHEMA = DATABASE();
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;
就是这样。你现在可以调用findAll('foobar');
不除外。你会遇到两个问题:
MySQL错误1436:线程堆栈溢出 准备好的语句需要重新准备。
将以下两行添加到/etc/mysql/mysql.conf.d/mysqld.cnf或任何你的cnf所在的地方,或者将它们保存在一个单独的文件中并复制到conf.d目录。
thread_stack = 2M
table_definition_cache = 5000
是的,显然这不应该在生产环境中运行,因为它不安全,而且会降低您的性能。
我要用这个。你只需要改变变量
$query ="SELECT `column_name` FROM `information_schema`.`columns` WHERE `table_schema`='" . $_SESSION['db'] . "' AND `table_name`='" . $table . "' ";
$stmt = $dbh->prepare($query);
$stmt->execute();
$columns = $stmt->fetchAll(PDO::FETCH_ASSOC);
$query="SELECT name FROM `" . $database . "`.`" . $table . "` WHERE ( ";
foreach ( $columns as $column ) {
$query .=" CONVERT( `" . $column['column_name'] . "` USING utf8 ) LIKE '%" . $search . "%' OR ";
}
$query = substr($query, 0, -3);
$query .= ")";
echo $query . "<br>";
$stmt=$dbh->prepare($query);
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "<pre>";
print_r ($results );
echo "</pre>";
这是我的解决方案
DROP PROCEDURE IF EXISTS findAll;
CREATE PROCEDURE `findAll`( IN `tableName` VARCHAR( 28 ) , IN `search` TEXT )
BEGIN
DECLARE finished INT DEFAULT FALSE ;
DECLARE columnName VARCHAR ( 28 ) ;
DECLARE stmtFields TEXT ;
DECLARE columnNames CURSOR FOR
SELECT DISTINCT `COLUMN_NAME` FROM `information_schema`.`COLUMNS`
WHERE `TABLE_NAME` = tableName ORDER BY `ORDINAL_POSITION` ;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET finished = TRUE;
SET stmtFields = '' ;
OPEN columnNames ;
readColumns: LOOP
FETCH columnNames INTO columnName ;
IF finished THEN
LEAVE readColumns ;
END IF;
SET stmtFields = CONCAT(
stmtFields , IF ( LENGTH( stmtFields ) > 0 , ' OR' , '' ) ,
' `', tableName ,'`.`' , columnName , '` REGEXP "' , search , '"'
) ;
END LOOP;
SET @stmtQuery := CONCAT ( 'SELECT * FROM `' , tableName , '` WHERE ' , stmtFields ) ;
PREPARE stmt FROM @stmtQuery ;
EXECUTE stmt ;
CLOSE columnNames ;
END;
