MySQL adding string to itself - mysql

I'm trying to add string to itself in MySQL in cursor, i need that for my dynamic SQL query.
I have my string set before cursor
ESQL3 = "FIRST PART OF QUERY ";
Now in cursor i want to add the rest of the query, im using CONCAT() but i feel like its not doing the job.
SET #ESQL3 = CONCAT(ESQL3, aggregate_function, "(", table_name, ")" as ", table_name, " , ");
The result is declared first part of query + last call of that function.
I've searched a lot for an answer.
Thank you

Looks like you want to reference the user defined variable, #ESQL3 as an argument in the CONCAT function, rather than the stored program variable ESQL3.
Change this:
SET #ESQL3 = CONCAT(ESQL3, ...
to this:
SET #ESQL3 = CONCAT(#ESQL3, ...
^
(MySQL stored program variables and MySQL user-defined variables are two different things. That is, ESQL3 and #ESQL3 are not the same variable. They are two fundamentally different variables.
EDIT
Also, the rest of the CONCAT arguments look kind of funky. These look okay:
, aggregate_function
, "("
, table_name
But this doesn't look right:
, ")" as ", table_name, " , ");
I don't think the "as" keyword is allowed in CONCAT, and that's not going to be seen as a string literal.
Maybe you mean to include "as" as part of the string value, like this:
, ") as "
, table_name
, " , "
FOLLOWUP
You need to initialize #ESQL3. That's not happening in the code you posted. The scope of the user-defined variable is the session, the value of that variable persists across statements. The next time it's referenced in the session, it's going to have whatever value was last assigned to it.
And when you initialize it, leave off the trailing comma. Add the comma when you append the next expression to the SELECT list.
SET #ESQL3 = "CREATE TABLE Obroty AS SELECT Towar";
^ ^
Note that we need to initialize the user-defined variable which is referenced later.
It matters not one whit what the stored procedure variable ESQL3 is set to. That has no relationship to the user-defined variable #ESQL3.
Inside the loop, when you are appending to #ESQL3, include the comma literal BEFORE the expression, rather than after it. Like this:
SET #ESQL3 = CONCAT(#ESQL3, ", ", funkcja, "(", miech, ") as ", miech );
^^^^
So, entering the loop, #ESQL3 is going to have the value
CREATE TABLE Obroty AS SELECT Towar
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After the first trip through read_loop, it will have a value like
CREATE TABLE Obroty AS SELECT Towar, SUM(foo) AS foo
^^^^^^^^^^^^^^^^^
The next time through the loop, it will have a value like
CREATE TABLE Obroty AS SELECT Towar, SUM(foo) AS foo, SUM(bar) AS bar
^^^^^^^^^^^^^^^^^
When the loop is exited, you'll be ready to append "FROM whatever. (Make sure you have the space before the FROM.)

Related

mysql query using python 3.6 (string variable is in single quotes)

I am new in python as well as mysql. I am having trouble in populating proper query statement for mysql.
sql = "SELECT * FROM Persons WHERE %s"
cur = db.cursor()
cur.execute(sql,(where,))
where is a string variable which creates a string for WHERE clause; this is the point of question. When I print this variable it give the following result:
Gender = True And IsLate = False
(without any quotes) but when I add this variable to the query to execute it, it adds single quotes around the string.
I used the command
print(cur.statement)
and it prints:
SELECT * FROM Persons WHERE 'Gender = True And IsLate = False'
After supplying parameter, it puts it within single quotes and query returns 0 rows.
I have worked around by concatenating the query statement and variable together and execute the string as query, that worked,
sql = sql + where
cur.execute(sql)
But I know that is not the professional way, as I have searched and found the professional way is to use parameterized query and use variable to store the condition(s) and supplying it at the execution of query.
Looking for advice, am I thinking the right way or otherwise?
The whole point of using parameter substitution in cursor.execute() is that it protects you from SQL injection. Each parameter is treated as a literal value, not substituted into the query and re-interpreted.
If you really want it to be interprted, you need to use string formatting or concatenation, as you discovered. But then you will have to be very careful in validating the input, because the user can supply extra SQL code that you may not have expected, and cause the query to malfunction.
What you should do is build the where string and parameter list dynamically.
where = []
params = []
if gender_supplied:
where.append('gender = %s')
params.append(gender)
if islate_supplied:
where.append*('islate = %s')
params.append(islate)
sql = 'select * from persons'
if where:
query = sql + ' where ' + ' and '.join(where)
else:
query = sql
cur.execute(query, params)

How to use Oracle's JSON_VALUE function with a PreparedStatement

I am trying to run a SQL query using Oracle's json_value() function using a PreparedStatement.
Assume the following table setup:
drop table foo cascade constraints purge;
create table foo
(
id integer primary key,
payload clob,
constraint ensure_json check (payload IS JSON STRICT)
);
insert into foo values (1, '{"data": {"k1": 1, "k2": "foo"}}');
The following SQL query works fine:
select *
from foo
where json_value(payload, '$.data.k1') = '1'
and returns the expected row.
However, when I try to run this query using a PreparedStatement like in the the following piece of code:
String sql =
"select *\n" +
"from foo\n" +
"where json_value(payload, ?) = ?";
PreparedStatement pstmt = conection.prepareStatement(sql);
pstmt.setString(1, "$.data.k1");
pstmt.setString(2, "1");
ResultSet rs = pstmt.executeQuery();
(I removed all error checking from the example to keep it simple)
This results in:
java.sql.SQLException: ORA-40454: path expression not a literal
The culprit is passing the json path value (parameter index 1), the second parameter is no problem.
When I replace (only) the first parameter with a String constant json_value(payload, '$.data.k1') = ? the prepared statement works fine.
In a desperate attempt, I also tried including the single quotes in the parameter: pstmt.setString(1, "'$.data.k1'") but not surprisingly, Oracle wouldn't accept it either (same error message).
I also tried using json_value(payload, concat('$.', ?) ) and only passing "data.k1" as the parameter - same result.
So, the question is:
How can I pass a JSON path expression to Oracle's json_value function using a PreparedStatement parameter?
Any ideas? Is this a bug in the driver or in Oracle? (I couldn't find anything on My Oracle Support)
Or is this simply a case of "not implemented"?
Environment:
I am using Oracle 18.0
I tried the 18.3 and 19.3 version of the ojdbc10.jar driver together with OpenJDK 11.
It isn't the driver - you get the same thing with dynamic SQL:
declare
result foo%rowtype;
begin
execute immediate 'select *
from foo
where json_value(payload, :1) = :2'
into result using '$.data.k1', '1';
dbms_output.put_line(result.payload);
end;
/
ORA-40454: path expression not a literal
ORA-06512: at line 4
And it isn't really a bug, it's documented (emphasis added):
JSON_basic_path_expression
Use this clause to specify a SQL/JSON path expression. The function uses the path expression to evaluate expr and find a scalar JSON value that matches, or satisfies, the path expression. The path expression must be a text literal. See Oracle Database JSON Developer's Guide for the full semantics of JSON_basic_path_expression.
So you would have to embed the path literal, rather than bind it, unfortunately:
declare
result foo%rowtype;
begin
execute immediate 'select *
from foo
where json_value(payload, ''' || '$.data.k1' || ''') = :1'
into result using '1';
dbms_output.put_line(result.payload);
end;
/
1 rows affected
dbms_output:
{"data": {"k1": 1, "k2": "foo"}}
or for your JDBC example (keeping the path as a separate string as you presumably want that to be a variable really):
String sql =
"select *\n" +
"from foo\n" +
"where json_value(payload, '" + "$.data.k1" + "') = ?";
PreparedStatement pstmt = conection.prepareStatement(sql);
pstmt.setString(1, "1");
ResultSet rs = pstmt.executeQuery();
Which obviously isn't what you want to do*, but there doesn't seem to be an alternative. Other than turning your query into a function and passing the path variable in to that, but then the function would have to use dynamic SQL, so the effect is much the same - maybe easier to handle SQL injection concerns that way though.
* and I'm aware you know how to do this the embedded way, and know you want to use bind variables because that's the correct thing to do; I've spelled it out more than you need for other visitors *8-)

Parameter inside identifier

I'm trying to write a add query that will change depending on the parameter. I have several queries:
LastK1StatDate
LastK2StatDate
.
.
LastK15StatDate
LastK16StatDate
My criteria should change depending on the value entered for the parameter "qryKioskNum" when the query is run.
Currently my criteria is this:
>Max("[LastK" & [qryKioskNum] & "StatDate]![K" & [qryKioskNum] & "LastDate]")
qryKioskNum is type Short Text
It keeps giving me the error "The expression is typed incorrectly, or is too complex to be evaluated."
Here is the complete SQL statement for this query:
PARAMETERS qryKioskNum Short;
INSERT INTO K1DispRejStat ( K1StatDate, K1BillCount1, K1BillCount2,
K1BillCount3, K1BillCount4, K1BillCount5, K1BillCount6, K1BillRej1,
K1BillRej2, K1BillRej3, K1BillRej4, K1BillRej5, K1BillRej6 )
SELECT DateValue([responseFrames]![dispDateTime]) AS [Date],
Sum(responseFrames.billCount1) AS SumOfbillCount1,
Sum(responseFrames.billCount2) AS SumOfbillCount2,
Sum(responseFrames.billCount3) AS SumOfbillCount3,
Sum(responseFrames.billCount4) AS SumOfbillCount4,
Sum(responseFrames.billCount5) AS SumOfbillCount5,
Sum(responseFrames.billCount6) AS SumOfbillCount6,
Sum(responseFrames.BillRej1) AS SumOfBillRej1, Sum(responseFrames.BillRej2)
AS SumOfBillRej2, Sum(responseFrames.BillRej3) AS SumOfBillRej3,
Sum(responseFrames.BillRej4) AS SumOfBillRej4, Sum(responseFrames.billRej5)
AS SumOfbillRej5, Sum(responseFrames.billRej6) AS SumOfbillRej6
FROM responseFrames, LastK1StatDate
WHERE (((responseFrames.kioskID)="K1"))
GROUP BY DateValue([responseFrames]![dispDateTime])
HAVING (((DateValue([responseFrames]![dispDateTime]))>Max("[LastK" &
[qryKioskNum] & "StatDate]![K1LastDate]")))
ORDER BY DateValue([responseFrames]![dispDateTime]);
currently everything is set to "K1" but I would like all reference to K1 to be dynamic
I think it is just a syntax issue but can't find how exactly this should be typed out.
Any help is great. Thanks!
*edited for clarity
In msaccess, create a PassThru query (because it retains the multi-line nice format).
Create // QueryDesign // Close // rightClick // SQLSpecific // PassThru
Paste in the following sql.
INSERT INTO kxxdisprejstat
(kxxstatdate,
kxxbillcount1,
kxxbillcount2,
kxxbillcount3,
kxxbillcount4,
kxxbillcount5,
kxxbillcount6,
kxxbillrej1,
kxxbillrej2,
kxxbillrej3,
kxxbillrej4,
kxxbillrej5,
kxxbillrej6)
SELECT Datevalue([responseframes] ! [dispdatetime]) AS [Date],
SUM(responseframes.billcount1) AS SumOfbillCount1,
SUM(responseframes.billcount2) AS SumOfbillCount2,
SUM(responseframes.billcount3) AS SumOfbillCount3,
SUM(responseframes.billcount4) AS SumOfbillCount4,
SUM(responseframes.billcount5) AS SumOfbillCount5,
SUM(responseframes.billcount6) AS SumOfbillCount6,
SUM(responseframes.billrej1) AS SumOfBillRej1,
SUM(responseframes.billrej2) AS SumOfBillRej2,
SUM(responseframes.billrej3) AS SumOfBillRej3,
SUM(responseframes.billrej4) AS SumOfBillRej4,
SUM(responseframes.billrej5) AS SumOfbillRej5,
SUM(responseframes.billrej6) AS SumOfbillRej6
FROM responseframes,
lastkxxstatdate
WHERE (( ( responseframes.kioskid ) = "kxx" ))
GROUP BY Datevalue([responseframes] ! [dispdatetime])
HAVING (( ( Datevalue([responseframes] ! [dispdatetime]) )
> Max([lastkxxstatdate]![kxxlastdate]) ))
ORDER BY Datevalue([responseframes] ! [dispdatetime]);
Name it kxxInsert (or some such, using kxx to say that it is generalized).
Then add this to the program
Sub getKxx()
Dim qrykiosknum As Integer ' temp here to have something
qrykiosknum = 3 ' temp here for an example
Dim kxxSQL As String, strSQL As String
kxxSQL = CurrentDb.QueryDefs("kxxInsert").SQL
strSQL = Replace(kxxSQL, "kxx", "k" & qrykiosknum)
'MsgBox (strSQL) ' it is too big to see all of it
Debug.Print strSQL
' then run strSQL
End Sub
Having dynamic tablename in MSAccess or MSSQLServer is possible when the Replace is done before executing the SQL.
I doubt you can make this work by using a query with a parameter. You are much better off using VBA. Use InputBox to get the variable portion of the query and DoCmd.RunSQL to run the query.

SSRS Wildcard search in Report Parameters

How do I write an SSRS Wildcard search in the Report Parameters
SELECT *
FROM Table1
WHERE Table1.Name = LIKE '%'#Name'%'
or
WHERE Table1.Name = in (:Name)?
How do I do this in SSRS?
Say I have a very simple self-contained query in the report:
with val as
(
select val = 'ABC'
union all select 'DEF'
union all select '1ABC3'
)
select *
from val
where val like #Param
I also have a parameter called Param in the report.
By default, even though I have like in the query, there are no wildcards so only exact matches will be returned:
If we look at the Dataset Properties, we can update the parameter being passed to add wildcards. By default it looks like this:
Change the Parameter Value expression to:
="%" & Parameters!Param.Value & "%"
Now the query text will be using a parameter with wildcards, so partial matches are returning data in the report:
Alternative method
Actually, thinking about this, perhaps an easier way to achieve the above is to do something like this in the report query text:
SELECT *
FROM Table1
WHERE Table1.Name = LIKE '%' + #Name + '%'
i.e. Just concatenate the wildcards directly to the parameter string. This works identically to the first option.
This is how I did it:
Create a report parameter (data type text) named MyFilter
Create a DataSet ReportData with an expression for the source query, something like:
="SELECT FilteredField, FieldValue FROM DataTable " & IIF(Parameters!MyFilter.Value.ToString() = "", "", "WHERE
FilteredField LIKE '%" &
REPLACE(REPLACE(Parameters!MyFilter.Value.ToString(),"*","%"),"?","_")
& "%'")
As you can see, I have a basic SELECT statement which I concatenate with an empty string if the value for MyFilter is an empty string. If a value is filled in, I add a WHERE clause in which I replace the "*" by "%" and "?" by "_"
This is just a simplified version of what we actually did, allowing only "?" and "*" to be used as wildcards, but it works fine for our users.
Use this will solve ur issue
="" & Parametername.value & ""

conditional filter SSRS

My situation is
I have a parameter, this is a list, allowing multi values. That mean the first record in the list is 'Select All'
When user select All I need to include in my report all records that match with the list plus those that are blank. (My dataset is returning these)
When user select only 1 or a few I want to include only these records. No those that are blank
My problem:
I have a filter in my dataset that evaluate a parameter in a list, but I need to add a conditional filter to include a blank records when the selection will be "Select All"
I tried to use expression but this doesn't work
Filter expression
Fields!NAME.Value in = Parameters!List.Value !!!!!!!!!!!! Work Fine
But I need to change it like as
If Parameters!List.Value = 'Select All' Then
Fields!NAME.Value in = Parameters!List.Value or Fields!NAME.Value = " "
Else
Fields!NAME.Value in = Parameters!List.Value
End
Can you give an advice who can I resolve it please !!!
I'm working in SSRS R2
Thanks!!
This worked for me
Expression: =IIF(Parameters!pLocation.Value <> " All Locations", Fields!LOCATION.Value, FALSE)
Operator: =
Value: =IIF(Parameters!pLocation.Value <> " All Locations", Parameters!pLocation.Value, FALSE)
If you use Filter on your Dataset, try this:
Expression: [NAME]
Operator: IN
Value (fx): =Split(Replace(Join(Parameters!List.Value, ","), "Select All", " "), ",")
Try to work along this path. Basically you can reconstruct the multi value items into a string with Join(), and deconstruct it again into array by using Split(); where in between, you can manipulate them, for modifying (e.g. converting "Select All" into " "), adding (imitating "OR"), or removing extra items.
There is an alternative for this.
Add one more item to the paramater dataset values say "Not Available" as Label and value with the null. then there will be no change in the stored procedure and you can retrieve the data.
If the user select the specific item then he will get those values only. If he selects all then he will get the data for the null also with the all the others.
Hope this will help
You can put the logic in just one location if you do it this way.
You filter on the parameter, unless it's all values then the filter always matches.
Just a little cleaner.
Expression: =IIF(Parameters!pLocation.Value <> " All Locations", Fields!LOCATION.Value, " All Locations")
Operator: =
Value: =Parameters!pLocation.Value