How to escape single quotes in parameterised query - mysql

I have a problem. I am passing a parameter in a query using an IN clause, but it is giving me an error because instead of considering it as two different values it is considering it as one single value. How can I handle this at the SQL level?
select * from table where name in ('abc','xyz'); this will work fine.
instead of this it is considering it as a
select * from table where name in ('abc,xyz'); this will give error
my parameter values are as below
Basically I am checking conditional filtering. That's why I have written this logic: if values are there, then consider this parameter in the where clause, or else ignore it.
case when '${thera}' <> '''' then
( ccp.name in ('${thera}') ) ELSE 1=1 END
Note: if there is any better approach for avoiding conditional filtering, please suggest that too.

You can indeed pass a list of values as a parameter. But you need to use a Custom Parameter component.
For your example, you can create a Custom Parameter named parThera, and then for initial value you can use the expression as you would do in javascript:
['abc','xyz']
Another option is to use a function expression, like:
function (){
return "A list of words".split(" ");
}
Then, on the SQL query, add this parameter, using thera as argument name, and the parameter parThera as value.
Now you can use it inside the SQL like in your first example:
SELECT * FROM TABLE WHERE name IN (${thera})
The parameter will be expanded to 'abc','xyz', thus making it usable inside the IN (...) clause.
Note: on the SQL parameters setup, you need to specify that this parameter is of type StringArray. Otherwise it will not expand correctly.
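Outside Pentaho, the same expansion can be done by generating one placeholder per value, which also covers the "ignore the filter when the parameter is empty" case and needs no quote escaping. This is an added example, not code from the posts above; it uses Python's sqlite3 in place of MySQL, and the ccp rows and function names are constructed for illustration.

```python
import sqlite3

def find_by_names(conn, names):
    """Return rows whose name is in `names`; an empty list means no filter."""
    sql = "SELECT id, name FROM ccp"
    params = []
    if names:
        # One '?' per value: the SQL text only ever receives placeholders,
        # the values travel separately and are never spliced into the string.
        marks = ", ".join("?" for _ in names)
        sql += f" WHERE name IN ({marks})"
        params = list(names)
    sql += " ORDER BY id"
    return conn.execute(sql, params).fetchall()

def find_by_joined(conn, joined):
    """The question's situation: one bound value is compared as a whole."""
    return conn.execute(
        "SELECT id, name FROM ccp WHERE name IN (?)", (joined,)
    ).fetchall()

def make_ccp_db():
    """Constructed sample data, including a name with a single quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ccp (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO ccp (name) VALUES (?)",
        [("abc",), ("xyz",), ("o'neil",), ("other",)],
    )
    return conn

if __name__ == "__main__":
    db = make_ccp_db()
    print(find_by_names(db, ["abc", "xyz"]))  # two rows
    print(find_by_joined(db, "abc,xyz"))      # no row is named 'abc,xyz'
    print(find_by_names(db, ["o'neil"]))      # quote handled by binding
    print(find_by_names(db, []))              # filter skipped, all rows
```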

Related

how to include hard-coded value to output from mysql query?

I've created a MySQL sproc which returns 3 separate result sets. I'm implementing the npm mysql package downstream to exec the sproc and get a result structured in json with the 3 result sets. I need the ability to filter the json result sets that are returned based on some type of indicator in each result set. For example, if I wanted to get the result set from the json response which deals specifically with Suppliers then I could use some type of js filter similar to this:
var supplierResultSet = mySqlJsonResults.filter(x => x.ResultType === 'SupplierResults');
I think SQL Server provides the ability to include a hard-coded column value in a SQL result set like this:
select
'SupplierResults',
*
from
supplier
However, this approach appears to be invalid in MySQL b/c MySQL Workbench is telling me that the sproc syntax is invalid and won't let me save the changes. Do you know if something like what I'm trying to achieve is possible in MySQL and if not then can you recommend alternative approaches that would help me achieve my ultimate goal of including some type of fixed indicator in each result set to provide a handle for downstream filtering of the json response?
If I followed you correctly, you just need to prefix * with the table name or alias:
select 'SupplierResults' hardcoded, s.* from supplier s
As far as I know, this is the SQL Standard. select * is valid only when no other expression is added in the select clause; SQL Server is lax about this, but most other databases follow the standard.
It is also a good idea to assign a name to the column that contains the hardcoded value (I named it hardcoded in the above query).
In MySQL you can simply put the * first:
SELECT *, 'SupplierResults'
FROM supplier
Demo on dbfiddle
To be more specific, in your case, in your query you would need to do this
select
'SupplierResults',
supplier.* -- <-- this
from
supplier
Try this
create table a (f1 int);
insert into a values (1);
select 'xxx', f1, a.* from a;
Basically, if there are other fields in select, prefix '*' with table name or alias

Access query if then argument

The argument I'm looking for is, if the Members.Status field is equal to LA and the Member.Isresident field is False then the Members.Locality field will fill "LOST" in that field. I attempted to write it this way and am receiving an error of invalid syntax.
Locality: Iif ([Members.status] = "LA" and ([isresident] "False", [members.locality], "LOST")
The parentheses in your example are unbalanced. There are two ( but only one ).
Add an equal sign between [isresident] and "False". And if isresident is Yes/No data type, eliminate the quotes around False.
Re-using the field name as the alias for an expression can get you into trouble. You can avoid trouble there with a different alias such as adjusted_locality instead of Locality. But if you prefer to keep Locality as the alias, bracket it as in the example below.
Since I don't know about the context where you're attempting to use that expression, I'll suggest you try this simple SELECT to work out the syntax of the IIf expression.
SELECT
IIf(m.Status="LA" And m.isresident=False, m.locality, "LOST") AS [Locality]
FROM Members AS m;
You can create a new query, switch to SQL View, paste in that SELECT statement, and then run it to see whether any errors remain.

Creating an OR statement using existing conditions hash

I am working on a problem where I need to add an OR clause to a set of existing conditions. The current conditions are built in a hash in a method and at the end, they are used in the where clause. Here is a simplified example:
...
conds.merge!({:users => {:archived => false}})
Model.where(conds)
I am trying to add an OR clause to the current set of conditions so it would be something like '(conditions) OR new_condition'. I'd like to add the OR statement without converting each addition to the conds hash into a string. That would be my last option. I was hoping someone has done something like this before (without using Arel). I seem to recall in Rails 2 there was a way to parse a conditions hash using a method from the model (something like Model.some_method(conds) would produce the where clause string). Maybe that would be a good option to just add the OR clause on to that string. Any ideas are appreciated. Thank you for your help!
I found a way to do what I needed. Instead of changing all of the conditions that I am building, I am parsing the conditions to SQL using sanitize_sql_for_conditions. This is a private method in ActiveRecord, so I had to put a method on the model to allow me to access it. Here is my model method:
def self.convert_conditions_hash_to_sql(conditions)
self.sanitize_sql_for_conditions(conditions)
end
So, once I convert my conditions to text, I can add my OR clause (along with the appropriate parentheses) to the end of the original conditions. So, it would go something like this:
Model.where('(?) OR (model.type = ? AND model.id IN(?))', Model.convert_conditions_hash_to_sql(conds), model_type, model_id_array)

Replace IIf with SWITCH in WHERE clause

I have the following query in MS-Access 2003 and it works OK:
SELECT tblDiscounts.DiscountID, tblDiscounts.DiscountPercent, tblDiscounts.DiscountName, tblDiscounts.DiscountDescription
FROM tblDiscounts, qryPropertyPeriodRate_Count_Nested
WHERE (tblDiscounts.DiscountID) = IIf ([qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=1,1,IIf([qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=2,2,IIf([qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=3,3,4)));
I wish to replace the IIf function with the Switch function but whatever I tried didn't work. My best approach is the following:
SELECT tblDiscounts.DiscountID, tblDiscounts.DiscountPercent, tblDiscounts.DiscountName, tblDiscounts.DiscountDescription
FROM tblDiscounts, qryPropertyPeriodRate_Count_Nested
WHERE (((tblDiscounts.DiscountID)=SWITCH ([qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=1,1, [qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=2,2, [qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]=3,3, [qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]>3,4)));
but I get a message
Type mismatch in expression
Please advise!
One difference I can see is that if [qryPropertyPeriodRate_Count_Nested].[CountOfWeeks]<1 the nested IIfs will return 4 while the Switch statement will return Null. Check your underlying data to see if that could happen; a Null value might very well mess up the WHERE clause.

JDBC prepareStatement doesn't work

I'm trying to use the prepareStatement function. The code is below. After it executes, it returns me a bunch of vlicense strings instead of the values.
When the code finishes statement.setString(), the statement becomes:
select 'vlicense' from Vehicle
However, it needs to be:
select vlicense from Vehicle
without the quotation marks. Can anyone tell me what's the problem?
statement = oConnection.prepareStatement("select ? from Vehicle");
String tempString = "vlicense";
statement.setString(1, tempString);
resultSet = statement.executeQuery();
You can't use parameter markers for column names, table names, data type names, or basically anything that isn't data.
When you add a bind variable to a statement like this it is escaped, so the actual SQL string in your example would go to the database as "SELECT 'vlicense' FROM Vehicle", selecting a literal string instead of the column name you want.
You need to concatenate that variable column name into your SQL statement before you prepare it:
statement = oConnection.prepareStatement("SELECT " + vlicense + " FROM Vehicle");
Bind variables are really for query parameters as opposed to dynamic queries.
The ? can't be used to specify the fields, just to do some filters in your query like:
statement = conn.prepareStatement("select field from Vehicle where name=?");
In your case your query is built as:
select 'vlicense' from Vehicle
which means: GET ME A STRING 'vlicense' FOR EACH RECORD OF 'Vehicle'. And you'll get n repeated strings depending on the number of records in your table.
It has nothing to do with jdbc, prepared-statements or mysql.
It's just a wrong sql statement.
If you type:
Select 'justanexample' from Vehicle
and the table contains 4 lines, you will get 4 times
'justanexample'
'justanexample'
'justanexample'
'justanexample'
as result.
You did not specify the table structure, but I guess the statement should somehow look like this:
select * from Vehicle where license = ?
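When a column name really must be chosen at run time and concatenated into the statement, as one of the answers above suggests, the name should first be matched against a fixed list of permitted columns, because it is spliced into the SQL text and gets none of the protection a bound value has. This is an added example, not code from the answers; it uses Python's sqlite3 in place of JDBC, and the Vehicle rows, the extra columns and the function names are constructed for illustration.

```python
import sqlite3

# Columns a caller may select; anything else is rejected before SQL is built.
ALLOWED_COLUMNS = {"vlicense", "make"}

def select_bound(conn, column):
    """The question's attempt: the marker binds a value, not an identifier."""
    return conn.execute("SELECT ? FROM Vehicle", (column,)).fetchall()

def select_column(conn, column):
    """Concatenate the column name only after an exact allowlist match."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    # Safe to splice: `column` is now one of our own constants.
    sql = f'SELECT "{column}" FROM Vehicle ORDER BY rowid'
    return conn.execute(sql).fetchall()

def make_vehicle_db():
    """Constructed sample table; `owner` is deliberately not selectable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Vehicle (vlicense TEXT, make TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO Vehicle VALUES (?, ?, ?)",
        [("ABC123", "Ford", "owner-1"), ("XYZ789", "Audi", "owner-2")],
    )
    return conn

if __name__ == "__main__":
    db = make_vehicle_db()
    print(select_bound(db, "vlicense"))   # the literal string, once per row
    print(select_column(db, "vlicense"))  # the actual column values
    try:
        select_column(db, "owner")
    except ValueError as exc:
        print("rejected:", exc)
```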