I have a sql like:
String sql = """SELECT id, name, sex, age, bron_year, address, phone, state, comment, is_hbp, is_dm, is_cva, is_copd, is_chd, is_cancer, is_floating, is_poor, is_disability, is_mental
FROM statistics_stin WHERE 1=1
${p.team_num == 0 ? "" : "AND team_num = ${p.team_num}"}
${p.zone == 0 ? "" : "AND team_id = ${p.zone}"}
${p.is_hbp == 2 ? "" : "AND is_hbp = ${p.is_hbp}"}
${p.is_dm == 2 ? "" : "AND is_dm = ${p.is_dm}"}
${p.is_chd == 2 ? "" : "AND is_chd = ${p.is_chd}"}
${p.is_cva == 2 ? "" : "AND is_cva = ${p.is_cva}"}
${p.is_copd == 2 ? "" : "AND is_copd = ${p.is_copd}"}
${p.is_cancer == 2 ? "" : "AND is_cancer = ${p.is_cancer}"}
${p.is_floating == 2 ? "" : "AND is_floating = ${p.is_floating}"}
${p.is_poor == 2 ? "" : "AND is_poor = ${p.is_poor}"}
${p.is_disability == 2 ? "" : "AND is_disability = ${p.is_disability}"}
${p.is_mental == 2 ? "" : "AND is_mental = ${p.is_mental}"}
${p.is_aged == 2 ? "" : (p.is_aged == 1 ? " AND age >= 65" : " AND age < 65")}
${p.is_prep_aged == 2 ? "" : (p.is_prep_aged == 1 ? "AND (age BETWEEN 60 AND 64)" : "AND (age < 60 OR age > 64)")}
${p.is_young == 2 ? "" : (p.is_young == 1 ? " AND age < 60" : " AND age >= 60")}
ORDER BY team_id ASC, id ASC
LIMIT ${start}, ${page_size}
""";
Then use :
def datasource = ctx.lookup("jdbc/mysql");
def executer = Sql.newInstance(datasource);
def rows = executer.rows(sql);
Here the p is a json object like:
p = {is_aged=2, is_cancer=2, is_chd=1, is_copd=2, is_cva=2, is_disability=2, is_dm=2, is_floating=2, is_hbp=1, is_mental=2, is_poor=2, pn=1, team_num=0, zone=0}
This way has sql injection. I know I can use params type like:
executer.rows('SELECT * from statistics_stin WHERE is_chd=:is_chd', [is_chd: 1]);
But this case has to many AND conditions, use or not will be decided by the json p.
How to do this please?
You have a problem of dynamic SQL binding, i.e. the number of bind parameters is not constant, but depend on the input.
There is an elegant solution from Tom Kyte
which has even more elegant implementation in Groovy
The basic idea is simple bind all variables, the variables that have an input value and should be used are processed normally, e.g
col1 = :col1
the variables that have no input (and shall be ignored) are binded with a dummy construct:
(1=1 or :col2 is NULL)
i.e. they are effectively ignored by shortcut evaluation.
Here two examples for three columns
def p = ["col1" : 1, "col2" : 2, "col3" : 3]
This input leads to a full query
SELECT col1, col2, col3
FROM tab WHERE
col1 = :col1 AND
col2 = :col2 AND
col3 = :col3
ORDER by col1,col2,col3
For limited input
p = [ "col3" : 3]
you get this query
SELECT col1, col2, col3
FROM tab WHERE
(1=1 or :col1 is NULL) AND
(1=1 or :col2 is NULL) AND
col3 = :col3
ORDER by col1,col2,col3
Here the Groovy creation of the SQL Statement
String sql = """SELECT col1, col2, col3
FROM tab WHERE
${(!p.col1) ? "(1=1 or :col1 is NULL)" : "col1 = :col1"} AND
${(!p.col2) ? "(1=1 or :col2 is NULL)" : "col2 = :col2"} AND
${(!p.col3) ? "(1=1 or :col3 is NULL)" : "col3 = :col3"}
ORDER by col1,col2,col3
"""
You can even get rid of the ugly 1=1 predicate;)
Another option is to build your bindings as you build the query then execute the appropriate implementation of rows
def query = new StringBuilder( "SELECT id, name, sex, age, bron_year, address, phone, state, comment, is_hbp, is_dm, is_cva, is_copd, is_chd, is_cancer, is_floating, is_poor, is_disability, is_mental FROM statistics_stin WHERE 1=1" )
def binds = []
if ( p.team_num == 0 ) {
query.append( ' AND team_num = ? ' )
binds << p.team_num
}
if ( p.zone == 0 ) {
query.append( ' AND team_id = ? ' )
binds << p.zone == 0
}
...
executer.rows(query.toString(), binds);
Related
I would need to write a SQL question based on conditions:
in Condition 1:
SELECT
*
FROM
table_1
WHERE
col_1 IS NULL
AND col_2 IS NOT NULL
and in Condition 2:
SELECT
*
FROM
table_1
WHERE
col_1 IS NULL
How would I be able to achieve this easily in Python? I know I can do filters later on but that's not super efficient as it should be.
The solution used in many tools: Make initial query with dummy TRUE WHERE clause, then depending on conditions can be concatenated with additional filters like this (simplified code):
query = 'select * from table where 1 = 1' # WHERE with dummy TRUE condition
# it can be WHERE TRUE
condition1 = True; # if both conditions are False, query will be without filters
condition2 = True;
filter1='Col1 is not null'
filter2='Col2 is not null'
if condition1:
query = query+' and '+ filter1
if condition2:
query = query+' and '+ filter2
print(query)
Result:
select * from table where 1 = 1 and Col1 is not null and Col2 is not null
More elegant solution using pypika - python query builder. You can build the whole query including table, fields, where filters and joins:
from pypika import Query, Table, Field
table = Table('table')
q = Query.from_(table).select(Field('col1'), Field('col2'))
condition1 = True;
condition2 = True;
if condition1:
q = q.where(
table.col1.notnull()
)
if condition2:
q = q.where(
table.col2.notnull()
)
print(q)
Result:
SELECT "col1","col2" FROM "table" WHERE NOT "col1" IS NULL AND NOT "col2" IS NULL
I'm learnig how to work with SQLite in Python 3. I am using this example code:
import sqlite3
con = sqlite3.connect("database.db")
cur = con.cursor()
cur.execute("create table people (city, name_last, age)")
where = "Moscow"
who = "Yeltsin"
age = 72
cur.execute("insert into people values (?, ?, ?)", (where, who, age))
con.close()
Let's assume I have multiple rows in my database with different names, ages, cities. For the sake of this test I did this by hand. This is my function to query my data:
def query_db(param1, param2, param3):
con = sqlite3.connect("database.db")
cur = con.cursor()
cur.execute("SELECT * FROM people WHERE (city == ? AND name_last == ? AND age == ?)", (param1, param2, param3))
return(cur.fetchall())
print(query_db("Moscow", "Yeltsin", 72))
I would now like to change this function in a way that it works when only one or two params are set, allowing a user to basically filter by one, two or three parameters regardless. My initial approach was to construct the query command by adding strings like this:
def query_db(param1='', param2='', param3=''):
con = sqlite3.connect("database.db")
cur = con.cursor()
if param1 != '':
if param2 != '':
if param3 != '':
cur.execute("SELECT * FROM people WHERE (city == ? AND name_last == ? AND age == ?)", (param1, param2, param3))
else:
cur.execute("SELECT * FROM people WHERE (city == ? AND name_last == ?)", (param1, param2))
else:
cur.execute("SELECT * FROM people WHERE city == ?", (param1,))
else:
cur.execute("SELECT * FROM people)
return(cur.fetchall())
print(query_db(param1="Moscow", param2="Yeltsin", param3=72))
print(query_db(param1="Moscow", param2="Yeltsin"))
print(query_db(param1="Moscow"))
There are obvious issues with that: it does not work if param1 is None and it does not feel very intuitive. I could solve the problem with more if-loops and make it work with any of the three parameters, but that can't really be the way to do it, can it?
Thanks for your help in advance!
Look this approach
def query_db(param1='', param2='', param3=''):
con = sqlite3.connect("database.db")
cur = con.cursor()
params = ()
query = "SELECT * FROM people WHERE 1=1 "
if param1:
query += " AND city == ? "
params += param1
if param2:
query += " AND name == ? "
params += param2
if param3:
query += " AND age == ? "
params += param3
cur.execute(query, params)
return(cur.fetchall())
I have a x++ script which aims to count records from a select query and later on be updated.
This is the original question for reference: convert SQL Query with Join to X++ Dynamics AX scripting
Initially, I have a SQL Query counterpart of it and it is resulting to 50 rows / records, when I convert it to X++ , it is not counting or extracting the same number of records,
Here is is the x++ script
static void Job(Args _args)
{
Table1 table1;
Table2 table2;
Table3 table3;
Table4 table4;
Table5 table5;
int i = 0;
while select forUpdate table1
join table2 where table1.field1 == table2.field1
join table3 where table1.field2 == table3.field2
join table4 where table3.field3 == table4.field3
join table5 where table3.category == table5.recid
&& table1.location == 'asia' && table2.modtye == 2
&& table3.discount == 'sample'
&& table4.name == 'hello'
&&(table5.name == 'one' || table5.name == 'two' || table5.name == 'three')
{
if (table1)
{
i = i + 1;
}
}
info(strfmt("Total : %1",i));
}
Pls help, where did i go wrong it think it's with this part
if (table1)
I also tried trimming down the codes to know where the problem arise,
while select forUpdate table1
join table2 where table1.field1 == table2.field1
&& table1.location == 'asia' && table2.modtye == 2
This part dont return result already... when I include the
&& table1.location == 'asia' && table2.modtye == 2
So i think, the problem is there, but what is wrong with the code?
I based my codes actually from this tutorial link
https://community.dynamics.com/ax/b/dynamicsaxtipoftheday/archive/2014/09/05/quickly-update-data-through-x-scripts
I suggest a simple explanation, maybe the SQL returns rows from a several companies or partitions?
AX by default returns row for the current partition and company curext() only.
If you use the crosscompany option to the select it will scan cross companies:
while select crosscompany table1 ...
You do not need to test whether table1 is found, if not found it will not enter the loop.
Also, if your sole purpose is to count the number of records it is wasteful to count manually, a single select will do:
select firstOnly /*crosscompany*/ count(RecId) from table1
exists join table2 where table1.field1 == table2.field1
exists join table3 where table1.field2 == table3.field2
exists join table4 where table3.field3 == table4.field3
exists join table5 where table3.category == table5.recid
&& table1.location == 'asia' && table2.modtye == 2
&& table3.discount == 'sample'
&& table4.name == 'hello'
&&(table5.name == 'one' || table5.name == 'two' || table5.name == 'three');
info(strfmt("Total : %1", table1.RecId));
I'm trying to create an update query in Python3/PyQt5.10/Sqlite . A select/insert query made the same way runs fine. Fields & corresponding record exist.
def updateRecords():
theDict = {
"Loc": "PyQt121",
"BoekNr" : "dfdf",
"BoekTitel" : "eeee",
"BoekBedrag" : 999
}
theFilter = " WHERE Loc = 'PyQt'"
query = QSqlQuery()
columns = ', '.join(pDict.keys())
placeholders = ':'+', :'.join(pDict.keys())
sql = 'UPDATE %s SET (%s) VALUES (%s) %s' % (pTable, columns, placeholders, pFilter)
query.prepare(sql)
for key, value in pDict.items():
query.bindValue(":"+key, value)
print (sql)
query.exec_()
print(query.lastError().databaseText())
return query.numRowsAffected()
The sql generated is UPDATE tempbooks SET (Loc, BoekNr, BoekTitel, BoekBedrag) VALUES (:Loc, :BoekNr, :BoekTitel, :BoekBedrag) WHERE Loc = 'PyQt'.
query.lastError().databaseText()) give me "No Query" and updated rows is -1.
The correct syntax for an update query:
UPDATE tablename
set col1 = val1,
col2 = val2,
col3 = val3
WHERE condition
Probably query.prepare(sql) is returning False because of invalid syntax.
Error given when adding query that runs in SQL developer but not in MS Query. Seems to not like my nested query.
Code I am using:
SELECT ORDER_DATE
,SALES_ORDER_NO
,CUSTOMER_PO_NUMBER
,DELIVER_TO
,STATUS
,ITEM_NUMBER
,DESCRIPTION
,ORD_QTY
,SUM(QUANTITY) AS ON_HAND
,PACKAGE_ID
,PACKAGE_STATUS
,MAX(TRAN_DATE) AS LAST_TRANSACTION
,MIN(DAYS) AS DAYS
FROM (
SELECT TRUNC(SH.ORDER_DATE) AS ORDER_DATE
,SH.SALES_ORDER_NO
,SH.CUSTOMER_PO_NUMBER
,SH.SHIP_CODE AS DELIVER_TO
,SH.STATUS
,SB.ITEM_NUMBER
,IM.DESCRIPTION
,SB.ORD_QTY
,BID.QUANTITY
,SPM.PACKAGE_ID
,CASE
WHEN SPM.SHIPPED = 'Y'
THEN 'SHIPPED'
WHEN SPM.STATUS = 'C'
THEN 'PACKED'
WHEN BID.QUANTITY IS NOT NULL
THEN 'AVAILABLE'
WHEN BID.QUANTITY IS NULL
THEN 'UNAVAILABLE'
END AS PACKAGE_STATUS
,CASE
WHEN SPM.SHIPPED = 'Y'
THEN TRUNC(SPM.BILLING_DATE)
WHEN SPM.STATUS = 'C'
THEN TRUNC(SPM.END_TIME)
WHEN BID.QUANTITY IS NOT NULL
THEN TRUNC(BID.ACTIVATION_TIME)
END AS TRAN_DATE
,CASE
WHEN SPM.SHIPPED = 'Y'
THEN ROUND(SYSDATE - SPM.BILLING_DATE, 0)
WHEN SPM.STATUS = 'C'
THEN ROUND(SYSDATE - SPM.END_TIME, 0)
WHEN BID.QUANTITY IS NOT NULL
THEN ROUND(SYSDATE - BID.ACTIVATION_TIME, 0)
END AS DAYS
FROM SO_HEADER SH
LEFT JOIN SO_BODY SB ON SB.SO_HEADER_TAG = SH.SO_HEADER_TAG
LEFT JOIN SO_PACKAGE_MASTER SPM ON SPM.PACKAGE_ID = SB.PACKAGE_ID
LEFT JOIN ITEM_MASTER IM ON IM.ITEM_NUMBER = SB.ITEM_NUMBER
LEFT JOIN V_BIN_ITEM_DETAIL BID ON BID.ITEM_NUMBER = SB.ITEM_NUMBER
WHERE SH.ORDER_TYPE = 'MSR'
AND (
SB.REASON_CODE IS NULL
OR SB.REASON_CODE NOT LIKE 'CANCEL%'
)
AND (
IM.DESCRIPTION NOT LIKE '%CKV%'
OR IM.DESCRIPTION IS NULL
AND IM.ITEM_NUMBER IS NOT NULL
)
)
WHERE PACKAGE_STATUS <> 'SHIPPED'
GROUP BY ORDER_DATE
,SALES_ORDER_NO
,CUSTOMER_PO_NUMBER
,DELIVER_TO
,STATUS
,ITEM_NUMBER
,DESCRIPTION
,ORD_QTY
,PACKAGE_ID
,PACKAGE_STATUS
ORDER BY (
CASE PACKAGE_STATUS
WHEN 'AVAILABLE'
THEN 1
WHEN 'UNAVAILABLE'
THEN 2
WHEN 'PACKED'
THEN 3
END
)
,LAST_TRANSACTION;
Is there any option I can select that will allow me to run this query?