I'm getting groovy records from SQL Table or Function. Example;
String subeKodu = get_sube_kodu_bul(matcher[0][1])
private String get_sube_kodu_bul(String subeAdi) {
def sql = Sql.newInstance("jdbc:jtds:sqlserver://10.xx.xx.xx:1433/DBNAME", "usrname","pass", "net.sourceforge.jtds.jdbc.Driver")
subeAdi = subeAdi.trim()
def row = sql.firstRow("SELECT TOP 1 SUBE_KODU FROM TABLENAME WHERE SUBE_ADI= '${subeAdi}'")
row != null ? (String)row.SUBE_KODU : ''
}
But I am faced with the following error;
WARNING: In Groovy SQL please do not use quotes around dynamic expressions (which start with $) as this means we cannot use a JDBC PreparedStatement and so is a security hole. Groovy has worked around your mistake but the security hole is still there. The expression so far is: SELECT TOP 1 YETKILI FROM TABLENAME WHERE SUBE_ADI = '?'
Groovy is complaining that your code may be vulnerable to a SQL injection attack.
The proper way to do this is with JDBC Prepared Statements. In Groovy, you do this as follows:
sql.firstRow("SELECT TOP 1 SUBE_KODU FROM TABLENAME WHERE SUBE_ADI= ?", [subeAdi])
For more examples of this, see the Groovy SQL tutorial and search for "prepared statements".
Also, don't forget to call close() when you are done.
Related
I'm trying the standard SELECT ... AS call to rename a column in query output with the Python Salesforce API and it's throwing following error:
... unexpected token: 'AS'", 'errorCode': 'MALFORMED_QUERY'}
So far most native language calls from SOQL have been working in the API and it seems, from here, that SELECT ... AS is valid SOQL.
Query outline:
from simple_salesforce import Salesforce
sf = Salesforce(username=myusername, password=mypassword, security_token=mytoken)
query = "select closedate as Date from opportunity"
query_list = sf.query_all(query)['records']
edit
error remains even after putting the new column name within quotes as advised in above link:
query = "select closedate as \"Date\" from Opportunity"
Thanks
As Terminus mentioned, SOQL field aliasing is not possible in SOQL in most contexts, including yours. The only case in which I have seen aliasing working in SOQL is in aggregate queries. For example, in apex you could write:
AggregateResult myResult = [SELECT count(Id) SpecialName FROM Contact];
system.debug(myResult);
and receive the result:
DEBUG|AggregateResult:{SpecialName=1630}
In python via simple-salesforce it would look like this:
sf.query_all('SELECT count(Id) SpecialName FROM Contact')
with the result:
OrderedDict([('totalSize', 1),
('done', True),
('records',
[OrderedDict([('attributes',
OrderedDict([('type', 'AggregateResult')])),
('SpecialName', 6587)])])])
Please mark as answered if this answer your question.
The syntax seems to be incorrect.
Try query = "select closedate <insert alias> from Opportunity" according to the alias notation documented here : https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_alias.htm
today I migrated to Astyanax 1.56.42 and discovered, that withValues() on prepared statements doesn't seem to work properly with SQL SELECT...WHERE...IN ().
ArrayList<ByteBuffer> uids = new ArrayList<ByteBuffer>(fileUids.size());
for (int i = 0; i < fileUids.size(); i++) {
uids.add(ByteBuffer.wrap(UUIDtoByteArray(fileUids.get(i)), 0, 16));
}
result = KEYSPACE.prepareQuery(CF_FILESYSTEM)
.withCql("SELECT * from files where file_uid in (?);")
.asPreparedStatement()
.withValues(uids)
.execute();
If my ArrayList contains more than one entry, this results in error
SEVERE: com.netflix.astyanax.connectionpool.exceptions.BadRequestException: BadRequestException: [host=hostname(hostname):9160, latency=5(5), attempts=1]InvalidRequestException(why:there were 1 markers(?) in CQL but 2 bound variables)
What am I doing wrong? Is there any other way to handle a SQL SELECT...WHERE...IN () - statement or did I find a bug?
Best regards
Chris
As you mentioned because you are supplying a collection (ArrayList) to a single ? Astyanax throws an exception. I think you need to add a ? for each element you want to have inside the IN clause.
Say you want to have 2 ints stored in an ArrayList called arrayListObj the where clause, your statement looks like this:
SELECT & FROM users WHERE somevalue IN (arrayListObj);
Because you are suppling a collection, this cant work, so you will need multiple ?'s. I.e. you want :
SELECT name, occupation FROM users WHERE userid IN (arrayListObj.get(0), arrayListObj.get(1));
I couldn't find anything on the Astyanax wiki about using the IN clause with prepared statements.
java.util.regex.Pattern p = java.util.regex.Pattern.compile("[\\)\\(\\+\\-\\*\\s]+");
String[] tokens;
try{ tokens = p.split(s); } catch (blah) { }
How can I accomplish the above functionality in select statement in Sybase ASE 15.0.3.
The Java class works but we are trying to avoid shuttling data in and out of DBMS.
select some_function(column1) from table1
I need some suggestion as to how this some_function may be implemented.
REGEXP and SIMILAR TO appear to be useful in the where clause. We want to extract portions of a colum which stores complex expressions.
Thank you
If I try to add a where clause, containing a lambda filter on a boolean field, to a nhibernate linq query, the filter seems to be ignored:
var result = Session.Linq().Where(x=> x.Approved);
Session is an iSession and Newspaper is a simple object with the fields NewspaperId int, Name - varchar(50) and Approved - bit.
When I run this the following sql is generated:
SELECT this_.NewspaperId as Newspape1_33_0_, this_.Name as Name33_0_, this_.Approved as Approved33_0_, FROM Newspapers this_
it seems to ignore the lambda if it is for a boolean field.
It works fine for the name field, ie:
var result = Session.Linq().Where(x=> x.Name == "The Times");
results in:
exec sp_executesql N'SELECT this_.NewspaperId as Newspape1_33_0_, this_.Name as Name33_0_, this_.Approved as Approved33_0_ FROM Newspapers this_ WHERE this_.Name = #p0',N'#p0 nvarchar(9)',#p0=N'The Times'
Anybody know why I can't query on a boolean value?
Any help is greatly appreciated
I am using NHibernate 2.1 with linq
It's been a while so you've probably got your answer somewhere else a long time ago. But to answer your question: I can't see a reason why this wouldn't work. Actually I've tried it out in both NH2.1.2 and NH3.0.0. It works in both (verified by looking at the query with SQL Profiler). So it would be interesting to see the mapping you used, perhapse there's something wrong there.
In SubSonic, version 2.2, the following (MSSQL-specific) code fails:
SqlQuery update =
new Update(SomeTable)
.SetExpression(SomeTable.SomeDateTimeColumn).IsEqualTo("GETDATE()")
.Where(SomeTable.IdColumn).IsEqualTo(id);
At this point update.ToString() produces a perfectly legal SQL sentence:
UPDATE [dbo].[SomeTable] SET [SomeDateTime]=GETDATE()
WHERE [dbo].[SomeTable].[ID] = #ID0
update.Execute() however fails with:
{"Failed to convert parameter value from a String to a DateTime."}
at SubSonic.Update.Execute()
Is there any possibility to use sql server functions in expressions?
Ok, I've found a workaround - it is possible to use SQL Server functions outside of InlineQuery. The trick is that you must not use "strongly typed" version of SetExpression that uses TableColumn parameter, but pass column name strings, like this:
SqlQuery update =
new Update(SomeTable)
.SetExpression(SomeTable.Columns.SomeDateTime).IsEqualTo("GETDATE()")
.Where(SomeTable.IdColumn).IsEqualTo(id);
The important part being: SomeTable.Columns.SomeDateTime instead of SomeTable.SomeDateTimeColumn.
For the specific example you've posted you could just do the following:
SqlQuery update = new Update(SomeTable)
.SetExpression(SomeTable.SomeDateTimeColumn).IsEqualTo(DateTime.Now)
.Where(SomeTable.IdColumn).IsEqualTo(id);