How can I use Mybatis selectKey functionality in Node.js? - node.js

How can I use Mybatis selectKey functionality in Node.js?
I wanted to use selectKey in xml file but it never works!
they just say "consider using Cdata"
but it's quite hard to find the way of using many ways to make query with node.js in mybatis.
somebody help me!
<select id="selectPositionNmData">
<selectKey keyProperty="result1" order="BEFORE">
SELECT
DIVN_NM
FROM
T_DIVN
WHERE
DIVN_CD = #{DIVN_CD}
</selectKey>
<selectKey keyProperty="result2" order="BEFORE">
SELECT
CONCAT("_", AUT_NAME)
FROM
qt_auth qa
where
SYS_ID = #{AUTH_SYS_ID}
</selectKey>
SELECT CONCAT(#{result1}, #{result2}) AS RESULT FROM DUAL;
</select>

Related

How to work with result set of meta-functions in Vertica

I want to use result set of meta-function get_node_dependencies as a subquery. Is there some way to do it?
Something like this:
select v_txtindex.StringTokenizerDelim (dep, chr(10)) over () as words
from (
select get_node_dependencies() as dep
) t;
This query throws an error Meta-function ("get_node_dependencies") can be used only in the Select clause.
I know that there is a view vs_node_dependencies that returns the same data in more readable way, but the question is generic, not related to any specific meta-function.
Most Vertica meta functions returning a report are for informational purposes on the fly, and can only be used on the outmost part of a query - so you can't apply another function on their output.
But - as you are already prepared to go through development work to split that output into tokens, you might often be even better off by querying vs_node_dependencies directly. You'll also be more flexible - is my take on this.

Is a SQL Injection Attack Possible in QLDB/PartiQL

This question came up in a code review in reference to a select query that is necessarily constructed using string interpolation (C#) and I can't seem to find a reference one way or the other. For example, a query might look something like:
var sql = "SELECT * FROM {someTable} WHERE {indexedField} = ?";
Because of the use of a param in the WHERE clause, I think this should be safe either way; however, it would be nice to have confirmation. A couple of unsophisticated attempts suggest that, even if an injection were attempted and the query ended up looking something like this
Select * from SomeTable; SELECT * FROM SomeOtherTable Where IndexedField = "1"
the engine would still error out on trying to run multiple queries.
Any particular reason string interpolation is required?
https://docs.aws.amazon.com/qldb/latest/developerguide/driver-quickstart-dotnet.html#driver-quickstart-dotnet.step-5 using parameter probably would best help prevent against sql injection.
Injections like Select * from SomeTable; SELECT * FROM SomeOtherTable Where IndexedField = "1" would indeed error out because QLDB driver requires one txn.Execute() per query.
To reduce the risk of an injection, I would recommend:
sanitizing string interpolation to reject potentially malicious parameters
leveraging the QLDB feature that allows separation of access by PartiQL command and ledger table using IAM policies, https://aws.amazon.com/about-aws/whats-new/2021/06/amazon-qldb-supports-iam-based-access-policy-for-partiql-queries-and-ledger-tables/
For the second option, you can define permissions for certain table to reject unwanted access in case of an injection attempt.
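One way to do the "sanitizing string interpolation" step from the answer above, as an added example that is not part of the original thread: identifiers cannot be bound with `?`, so the table and field names are checked against a fixed allow-list before interpolation, while the compared value stays a bound parameter. It is written in JavaScript rather than the question's C#, and the table names, field names and function names are hypothetical.

```javascript
// Added example: allow-list the identifiers that must be interpolated into a
// PartiQL statement; the compared value always stays a bound `?` parameter.
// Table and field names below are hypothetical placeholders.
const ALLOWED = new Map([
  ['Vehicle', new Set(['VIN', 'LicensePlate'])],
  ['Person', new Set(['GovId'])],
]);

function buildSelect(table, indexedField) {
  // Exact-match lookup against known names: no pattern matching, no escaping.
  const fields = ALLOWED.get(table);
  if (fields === undefined) {
    // The rejected input is deliberately not echoed into the message.
    throw new Error('table not in allow-list');
  }
  if (!fields.has(indexedField)) {
    throw new Error('field not in allow-list for this table');
  }
  // Only allow-listed identifiers ever reach the statement text.
  return `SELECT * FROM ${table} WHERE ${indexedField} = ?`;
}

function buildQuery(table, indexedField, value) {
  // The returned shape is this example's own: the statement text plus the
  // parameter list to hand to the driver's execute call, one statement per call.
  return { statement: buildSelect(table, indexedField), params: [value] };
}
```

Combined with the IAM policies mentioned above, a name that slips past the allow-list still cannot reach a table the caller's role is not permitted to query.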

LookUpRows on rowset created with function BuildRowSetFromString

Is it possible to apply a function like LookUpRows or Lookup to an array created with BuildRowSetFromString?
I have this:
SET @rowSet = BuildRowSetFromString(@ItemsString2, '|')
I'd like to know if there's a function on which I can do:
SET @var = LookupRows(@rowSet, ITEM_ID, ... )
I am trying already using a FOR loop. I want to know if there's a function that can do this.
No. I wish.
Best bet would be to use arrays in Server-Side JavaScript or possibly GTL.
If you want to over-engineer it, you can use XML and XPATH to do some array functions in AMPScript. I've written up a use-case with examples here on my personal blog.
Also, there is a lot more SFMC discussion going on over in http://salesforce.stackexchange.com.

alter date - postgreSQL and websockets

I am using websockets , nodejs v0.10.12 and also PostgreSQL 9.1, with PostGIS 2.0.
Now, on websockets, on the server side, in order to gather textual data and send them to the client I perform a query using node's pg plugin.
I have something like
var query = client.query('SELECT p_name,p_date FROM pins WHERE p_id ='+ja)
//send them and render in client as html
query.on("row", function (row, result) {result.addRow(row);});
query.on("end", function (result) {
  for (var i=0; i<result.rows.length; i++){
    connection.send(
      'Name</br>'
      +result.rows[i].p_name+
      '</br>Date</br>'
      +result.rows[i].p_date+
      '</br>'
    );
  }
  client.end();
});
Now, here is the tricky part. I want to render the date like 25/02/2012.
With the above code, I get Sat Feb 02 2002 02:00:00 GMT+0200 (Χειμερινή ώρα GTB)
To get DD/MM/YYYY I have to put a line of code like
SET datestyle = "SQL, DMY";
This is apparently PHP and I am using Javascript because I work with websockets.
The only thing I could think of is editing the above query like so
var query = client.query('SET datestyle = "SQL, DMY"; SELECT p_name,p_date FROM pins WHERE p_id ='+ja)
I don't get any errors, but on the client the date renders null.
How can I fix this?
Thanks
OK. Where to start?
This:
var query = client.query('SELECT p_name,p_date FROM pins WHERE p_id ='+ja)
is not the correct way to build a query. Use a parameterised query and protect yourself from SQL injection.
SET datestyle = "SQL, DMY";
This is apparently PHP and I am using Javascript because I work with websockets.
What? I'm trying to think of something constructive about this sentence, but the best I can think of is "What?". It is far from apparent that the above is PHP, because it isn't. The fact that you are sending it to the database ought to give you a hint that it's SQL. Also, you're not using javascript because you work with websockets. You're using javascript because you're using javascript - websockets are nothing to do with anything here.
The only thing I could think of...
Doesn't include looking in the manuals.
Go to the PostgreSQL website, click through to the documentation and manuals, and on the contents page click "Functions and Operators" and then "Data type formatting functions". Here is the link for you:
http://www.postgresql.org/docs/current/static/functions-formatting.html
You'll notice that the PostgreSQL developers not only produce extensive and detailed manuals, but they keep multiple versions online and make it simple to switch back and fore to see what's changed.
There is a whole section on this page on how to format date-times in different ways, with clear descriptions of each effect. I didn't find this using the documentation search or anything clever like that - just the obvious links on each page.
If you did a search you would find plenty on the datestyle parameter, and a little further digging would show that you can set it per-session or as a default for a given user or database.
Finally though, don't do it that way at all. Return ISO-standard date formats like @mu said (YYYY-MM-DD etc.) and format them in your javascript client code.
Oh - while I'm no expert, I'm not sure that </br> is valid HTML, XHTML or XML either. Did you perhaps mean <br/>?
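The parameterised query the answer asks for, together with an ISO date that is reformatted on the JavaScript side, as an added example that is not part of the original thread. `parsePinId`, `buildPinQuery` and `isoToDMY` are hypothetical names, `p_id` is assumed to be a non-negative integer key, and the `{ text, values }` object is the query config form that node-postgres accepts in `client.query`.

```javascript
// Added example (not from the thread). Table and column names come from the
// question; the function names are hypothetical.

// Accept only a non-negative integer id (assumption: p_id is an integer key).
function parsePinId(id) {
  if (Number.isSafeInteger(id) && id >= 0) return id;
  if (typeof id === 'string' && /^[0-9]{1,15}$/.test(id)) return Number(id);
  throw new TypeError('p_id must be a non-negative integer');
}

// The SQL text is constant; the id travels separately as $1 and is never
// parsed as SQL, unlike the concatenated '... WHERE p_id =' + ja form.
function buildPinQuery(id) {
  return {
    // to_char pins the returned format to ISO whatever the session datestyle.
    text: "SELECT p_name, to_char(p_date, 'YYYY-MM-DD') AS p_date " +
          'FROM pins WHERE p_id = $1',
    values: [parsePinId(id)],
  };
}

// Client-side formatting: ISO 'YYYY-MM-DD' to 'DD/MM/YYYY'. Working on the
// string avoids the time-zone shift a Date object would introduce.
function isoToDMY(iso) {
  if (iso === null) return ''; // a NULL p_date comes back as null
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(iso);
  if (m === null) throw new RangeError('expected YYYY-MM-DD');
  return `${m[3]}/${m[2]}/${m[1]}`;
}

// Usage with node-postgres (needs a live connection, so it is not run here):
//   client.query(buildPinQuery(ja), function (err, result) { /* send rows */ });
```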

subsonic query problem

I'm using subsonic 2.2 in an app. I'm running a slightly complicated query in which I have used both "And" and "Or" for a field. I'm a little confused about how it is going to be translated into an SQL statement.
MytableCollection col = DB.Select().From("mytable").Where("prop1").IsEqualTo(obj.prop1)
.And("prop2").IsEqualTo(obj.prop2)
.And("prop3").IsEqualTo(obj.prop3)
.Or("prop1").IsEqualTo(1)
.ExecuteAsCollection<MytableCollection>();
I want to perform query like this.
select * from mytable where (prop1=obj.prop1 or prop1=1) and prop2=obj.prop2 and prop3=obj.prop3
As Andra says you can use AndExpression. This should do what you want:
MytableCollection col = DB.Select().From(Mytable.Schema)
.Where(Mytable.Columns.Prop2).IsEqualTo(obj.prop2)
.And(Mytable.Columns.Prop3).IsEqualTo(obj.prop3)
.AndExpression(Mytable.Columns.Prop1).IsEqualTo(obj.prop1)
.Or(Mytable.Columns.Prop1).IsEqualTo(1)
.ExecuteAsCollection<MytableCollection>();
N.B. using MyTable.Schema and MyTable.Columns will catch a lot of issues at compile time if you rename tables and will save errors caused by mistyping.
Something that is REALLY useful to know about is also the following two methods to call in your query building:
.OpenExpression()
and
.CloseExpression()
Mix those bad buoys and you have a lot better control over knowing where things start and finish
you can use expression in subsonic 2.2.
MytableCollection col = new Select(Mytable.Schema)
.WhereExpression("prop1").IsEqualTo(obj.prop1).Or("prop1").IsEqualTo(1)
.AndExpression("prop2").IsEqualTo(obj.prop2)
.AndExpression("prop3").IsEqualTo(obj.prop3)
.ExecuteAsCollection<MytableCollection>();
