I have two User entities u1 and u2
Which have a WorkspaceMember relation by WorkspaceMember.user -> user
And a Workspace entity which contains Workspace.members -> [WorkspaceMember...]
Now what I'm trying to create is a JPQL query which firsts finds two WorkspaceMember entities by their User property and then finding the Workspaces that contain both WorkspaceMember entites.
Here is my query so far which is not working at all - I hope someone can help me on this one as i have not found any suitable example.
String sql = "SELECT wm1 FROM WorkspaceMember wm1 WHERE wm1.user = :user1 AND " +
"SELECT wm2 FROM WorkspaceMember wm2 WHERE wm2.user = :user2 AND EXISTS " +
"(SELECT ws1 FROM Workspace ws1 WHERE (wm1 MEMBER OF ws1.members) AND (wm2r MEMBER OF ws1.members))";
Seconf approach also not working:
String sql2 = "SELECT ws FROM Workspace ws WHERE EXISTS (SELECT wm1 FROM WorkspaceMember wm1 WHERE wm1.user = :user1 AND wm1 MEMBER OF ws.members) AND (SELECT wm2 FROM WorkspaceMember wm2 WHERE wm2.user = :user2 AND wm2 MEMBER OF ws.members)";
Thanks,
Gerrit
Related
DB query to check Account status of the user
DB query to check Entitlement status of the user
DB query to check Role and Access Policy mapping.
Please let me know if anyone have these queries?
For Account status
SELECT usr.usr_login,obj.obj_name,ost.ost_status
FROM orc, usr, obj, oiu, ost, obi WHERE orc.orc_key = oiu.orc_key AND oiu.usr_key = usr.usr_key AND oiu.ost_key = ost.ost_key
AND oiu.obi_key = obi.obi_key AND obi.obj_key = obj.obj_key AND obj.obj_name='ABC' order by usr.usr_login
Entitlement status of the user
select usr.usr_login,ENT_LIST.ent_display_name,
ENT_LIST.ent_value,ENT_ASSIGN.ent_status
from ENT_ASSIGN, usr, ENT_LIST where usr.usr_key = ent_assign.usr_key and
ENT_LIST.ent_list_key = ENT_ASSIGN.ent_list_key
and ENT_LIST.ent_value like 'ABC' order by usr.usr_login,ENT_DISPLAY_NAME;
Role and Access Policy mapping
select pol.pol_name, poc.poc_field_value from pol, poc where poc.pol_key = pol.pol_key AND poc.poc_field_name = 'ABC' order by pol.pol_name, poc.poc_field_value
To check Role assigned to User
select usr.usr_login, ugp.ugp_name from usg usg left outer join usr usr on (usg.usr_key = usr.usr_key)
left outer join ugp ugp on (ugp.ugp_key = usg.ugp_key)
where ugp_name ='ABC'
I have made this query for widget. It is working properly if i pass the value directly(ie. ad_role_id). But it is not running when i use dynamic parameter(:role).
for this i have done entry in parameters too.
Please give me some suggestion on it.
hql query:
SELECT ORG.name AS orgName
,INV.documentNo AS documentNo
,INV.invoiceDate AS invoiceDate
,BP.name AS name
,DT.name AS Doctype
,INV.grandTotalAmount AS grandTotalAmount
FROM Invoice INV,
DocumentType AS DT,
BusinessPartner AS BP,
Organization AS ORG
WHERE ORG.id = INV.organization
AND BP.id = INV.businessPartner
AND INV.transactionDocument = DT.id
AND INV.salesTransaction = 'N'
AND INV.id not in (select distinct e.invoice from InvoiceLine e )
AND INV.organization.id IN (select o.id
from Organization AS o,ADRoleOrganization AS arg,ADRole AS ar
where arg.organization = o.id
and ar.id = arg.role
and arg.role = :role)
Probably your parameter configuration for role was not correct.
use Default_Filter_Expressions and configure role as fixed value in parameter.
http://wiki.openbravo.com/wiki/Projects:Selector/Default_Filter_Expressions
I am working on a page where we need to visually compare the schema of same table across the two database-one in sql server and other in mysql.I have to include indexes as well.
now mysql query shows info along with indexes -
select column_name,column_type,table_name,column_key
from INFORMATION_SCHEMA.COLUMNS where table_name = 'tbl_ClientDN'
But for sql server the same query does not return indexes-
select * from INFORMATION_SCHEMA.COLUMNS where table_name = 'tbl_ClientDN'
so i need query to compbine the result of -
sp_helpindex 'tbl_ClientDN'
how to get column_key showing indexes in mssql query.
any suggestion ?
Stay away from INFORMATION_SCHEMA.COLUMNS, especially for indexes, since things like filtered indexes and included columns are not part of the definition. I talk about this in more detail here:
The case against INFORMATION_SCHEMA views
You want to use sys.indexes and sys.index_columns for this. For example:
DECLARE #tablename NVARCHAR(512) = 'dbo.tbl_ClientDN';
SELECT
[Index] = i.name,
[Column] = c.Name,
[Type] = i.type_desc,
PK = i.is_primary_key,
[Unique] = i.is_unique,
[Unique Constraint] = i.is_unique_constraint,
[DESC] = ic.is_descending_key,
[INCLUDE] = ic.is_included_column,
[Filtered] = i.filter_definition -- only for SQL Server 2008+
FROM
sys.indexes AS i
INNER JOIN
sys.index_columns AS ic
ON i.[object_id] = ic.[object_id]
AND i.index_id = ic.index_id
INNER JOIN
sys.columns c
ON ic.column_id = c.column_id
AND ic.[object_id] = c.[object_id]
WHERE
i.[object_id] = OBJECT_ID(#tablename)
ORDER BY [Index], ic.index_column_id;
If you want to do this for all tables at once, then simple changes:
SELECT
[Table] = QUOTENAME(OBJECT_SCHEMA_NAME(i.[object_id]))
+ '.' + QUOTENAME(OBJECT_NAME(i.[object_id])),
[Index] = i.name,
[Column] = c.Name,
[Type] = i.type_desc,
PK = i.is_primary_key,
[Unique] = i.is_unique,
[Unique Constraint] = i.is_unique_constraint,
[DESC] = ic.is_descending_key,
[INCLUDE] = ic.is_included_column,
[Filtered] = i.filter_definition -- only for SQL Server 2008+
FROM
sys.indexes AS i
INNER JOIN
sys.index_columns AS ic
ON i.[object_id] = ic.[object_id]
AND i.index_id = ic.index_id
INNER JOIN
sys.columns c
ON ic.column_id = c.column_id
AND ic.[object_id] = c.[object_id]
ORDER BY [Table], [Index], ic.index_column_id;
More information available in the topics sys.indexes and sys.index_columns.
You also might want to take a look at Kimberley L. Tripp's sp_helpindex2.
EDIT
In general I agree with #BrianWhite's comment. If you are spending any effort on this at all, you should be using a tool for this instead of re-inventing the wheel and trying to write it yourself. Troubleshooting this one query you've probably already spent, in terms of time, the cost of a good tool. Please read this post:
The cost of reinventing the wheel
Perhaps you are after sp_help
http://msdn.microsoft.com/en-us/library/ms187335.aspx
Simply entering
sp_help myTableName
should give you all the data you could want.
i have created the following ruby script that logs into a mysql database and returns order information based on what username and password the user has entered. my question is how would i go about preventing sql injections? i know that the way it is written at the moment leaves it wide open to attacks but i am new to ruby and am not sure how to go about preventing this.
#!/usr/bin/ruby
#Import mysql module
require "mysql"
begin
#Establish connection to mysql database as the operator user.
connection = Mysql.real_connect("localhost", "operator", "", "rainforest")
#Allow Multi line statements
connection.set_server_option(Mysql::OPTION_MULTI_STATEMENTS_ON)
#Prompt user for username
puts "Please Enter Your Customer Username:"
#Get username entered and store to variable
username = gets.chomp
#Prompt user for password
puts "Please Enter Your Customer Password"
#Get password entered and store to variable
password = gets.chomp
#Specify SQL query that returns order if user entered data matches data held in customer table
customerQuery = connection.query("SELECT O.order_ID, O.date_ordered, C.customer_name, P.product_name
FROM orders As O
INNER JOIN customer As C ON O.customer_ID=C.customer_ID
INNER JOIN product As P ON O.product_ID=P.product_ID
WHERE C.customer_name = '" + name + "' AND C.customer_password = '" + password + "'")
#If query returns a row then user has entered correct login details
if customerQuery.num_rows > 0 then
#tell user they have successfully logged in
puts "User Successfully Authenticated: Hello " + username + ". Here are your orders: \n**********"
#Print all row data containing users order details to screen
while row = customerQuery.fetch_row do
puts row
puts "**********"
end
else
#if no rows return, user has entered incorrect details, inform them of this by printing to screen
puts "User Authentication Unsuccessful:Incorrect Username or Password, Please Try Again"
end
#close connection to database
connection.close
end
Use a prepared statement instead of string concatenation/interpolation:
p = connection.prepare(%q{
select o.order_id, o.date_ordered, c.customer_name, p.product_name
from orders as o
join customer as c on o.customer_id = c.customer_id
join product as p on o.product_id = p.product_id
where c.customer_name = ?
and c.customer_password = ?
})
customerQuery = p.execute(name, password)
if customerQuery.num_rows > 0
customerQuery.each do |row|
#...
end
else
#...
end
If you absolutely must use string interpolation for some bizarre reason, then use connection.quote:
customerQuery = connection.query(%Q{
select o.order_id, o.date_ordered, c.customer_name, p.product_name
from orders as o
join customer as c on o.customer_id = c.customer_id
join product as p on o.product_id = p.product_id
where c.customer_name = '#{connection.quote(name)}'
and c.customer_password = '#{connection.quote(password)}'
})
But really, don't do this unless you have no other choice. And in this case, you don't have to use string manipulation for this.
Here is how the the database is layout. I can connect to DB fine.
I had it pullling from database two things but adding a third i can not get it to pull. I just need some help if i could ..
database - mmoore_drupal
table 1
table name = content_type_uprofile
data
vid= 19723
nid =19674
field_name_value = matthew moore
table 2
table name = location_instance
data
lid = 1521
vid = 19723
nid = 19674
table 3
table name = location
data
lid = 1521
street =
city =
country =
latitude =
longitude =
I am trying to pull name and then other info from the other two tables. But mainly i need to have name and other information from location. I thought i had to have the other table to associate the connection. Any help is appreciated.
$query = "SELECT content_type_uprofile.field_name_value,location.street,location.city
FROM location_instance,location,content_type_uprofile
WHERE location_instance.lid = location.lid and location_instance.nid=content_type_uprofile.nid"
$result = mysql_query($query) or die(mysql_error());
// Print out the contents of each row into a table
while($row = mysql_fetch_array($result)){
echo $row['nid']."-".$row['street']. " - ". $row['city'];
echo "<br />";
}
?>
Use this SQL (explicit join syntax):
SELECT
content_type_uprofile.nid,
location.street,
location.city
FROM
content_type_uprofile
INNER JOIN location_instance
ON (content_type_uprofile.nid = location_instance.nid)
INNER JOIN location
ON (location_instance.lid = location.lid)
The SQL that you posted is using implicit join SQL syntax.
I think for some reason, I think the line in your SQL:
WHERE location_instance.lid = location.lid and location_instance.nid=content_type_uprofile.nid
is filtering out all the rows from your result set. I'm not sure because I avoid the implicit syntax.
You were also missing the nid field which your PHP code is looking for in the result set.
As long as your data is correct (i.e. the fields that you are joining on have the right values), the SQL that I posted will work for you.
You ever done something with join's?
select *.locaition,
*.content_type_uprofile
from location_instance li
inner join location l on l.lid = li.lid
inner join content_type_uprofile ctu on ctu.vid = li.vid