I'm migrating javascript udf to sql udf in snowflake. In javascript udf there is try catch block to handle exception. How can I implement the same in SQL udf.
Snowflake SQL user defined functions can’t include execution handling. The function definition needs to be a SQL expression, not a Snowflake Scripting block.
The function definition can be a SQL expression that returns either a scalar (i.e. single) value or, if defined as a table function, a set of rows.
Your choices are to code the UDF to avoid triggering any error condition that you wanted to trap (e.g. with a CASE to avoid all “troublesome” input values) or use a JavaScript UDF for any place where exception handling can’t be avoided.
P.S. post a new question with your actual code if you want help on if your use case can be implemented in a SQL UDF
Related
I am new to MySQL and I am building a Flask project and using mysql.connector to query a MySQL Database. I know this question has been answered many times before but this is more specific to using MySQL with Flask.
I need to pass a query where I want to plug in the table name into the query, dynamically, depending on the value stored in the session variable in Flask. But the problem is, if I try to do:
Method 1:
cur.execute('SELECT * FROM %s;',(session['table_name'],))
the database throws an error stating that such a table is not found. However, the problem is mysql.connector keeps enclosing the table name with single quotes, hence the error.
Sample Error Statement:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''52_data'' at line 1
Here the table name should be 52_data and not '52_data'.
Only other workaround, I figured, is using:
Method 2:
cur.execute('SELECT * FROM '+session['table_name']+';')
which is working but it does not escape SQL Injection, I am guessing, since it's direct concatenation, unlike Method 1, where the cur.execute() function handles the escaping, as per this question.
The value being passed is stored in a sessions variable in Flask, which is not so secure, as per Miguel's Video. Hence, I want to escape that string, without triggering off an error.
Is it possible to implement Method 1 in a way that it does not add the quotes, or maybe escape the string using some function? Or maybe any other Python/Flask package that can handle this problem better?
Or if nothing works, is checking for SQL Injection manually using regex is a wiser option?
Thanks in advance.
Note: The package name for this mysql.connector is mysql-connector-python and not any other same sounding package.
For identifiers, you can use something like:
table_name = conn.converter.escape(session['table_name'])
cur.execute('SELECT * FROM `{}`'.format(table_name))
For values placeholders, you can use your Method 1, by using the parameters in the cur.execute() method. They will be escaped and quoted.
More details in https://dev.mysql.com/doc/connector-python/en/connector-python-api-mysqlcursor-execute.html
NOTE: You don't need to end the SQL statements with ;
I am using Qt5 to access a MySQL database. It is easy to execute INSERT queries using QSqlQuery + prepare() + bindValue().
Now I noticed that bindValue() has an optional paramType parameter that can be set to QSql::Out and QSql::InOut.
Is it correct that the QSql::Out and QSql::InOut arguments are useful when CALLing procedures and that they have no use for lets say a SELECT statement? Are there other use cases than CALL?
It turned out that QSql::Out and QSql::InOut are actually intended for use with procedure calls only.
However it also turned out that Qt/MySQL parameter binding does not support the mentioned OUT and INOUT parameters types (see here).
Inside my stored function I have :
formula := "(10+10 * 1000)/12";
(a simple math formula, with numbers only, dynamically created as a string)
How do I eval this, and return the result ?
I can't use EXECUTE (not possible inside a stored function) and if I make it a stored procedure and call it from a stored function, I get "Dynamic SQL is not allowed in stored function or trigger" -as if I would have the eval directly inside the function.
I need a stored function, and not a procedure, because I need to call it inside a SELECT statement.
I don't see what using the formula is buying you. If you're writing a stored procedure, type in the formula and forget the string.
I don't think it's in your interest to make the stored proc that dynamic where the formula being evaluated has to be changing from call to call.
If you must, you'll have to write a parser to break that string up into its constitutive parts, create a parse tree, and then walk the tree to evaluate it. It's not a trivial problem. I'd rethink this.
Apparently there is no solution to this.
I have applied a "paintfull" workaround in PHP, which I will not display here as it is not the subject of the question.
I'm using Linq-to-SQL query and using stored procedure in that. I'm getting error :
Specified cast is not valid.
How to solve it ?
Check your TDetail.AMOUNT values.
Your error is not when casting to an array, but rather in the Convert.ToDouble(TDetail.AMOUNT).
Run your stored proc with those same arguments (in SSMS or Visual Studio), and try to determine which value in TDetail.AMOUNT is causing this problem.
You're seeing this exception being thrown when you cast to an array, but it would happen whenever you evaluated your LINQ query. It's nothing to do with ToArray(). It could be ToList(), and you'd find the same exception.
I'm writing a Java tool to validate SQL statements. For SELECT queries, I can do it with Connection.prepareStatement and PreparedStatemet.getMetaData. No exceptions == good query. Unfourtunately it doesn't work with eg. INSERT statements -- errors in query create exception only at executing the statement.
Is there a way to parse SQL via JDBC without executing the statement? An internal method maybe?
Unfourtunately I was also unable to find source code for Connector/J -- I'd be grateful for links to it.
OK, found an answer myself, need to call a protected method:com.mysql.jdbc.ServerPreparedStatement.getInstance(MySQLConnection conn, String sql, String catalog, int, int)