Hey all I have the following SQL query:
Class.forName("oracle.jdbc.driver.OracleDriver");
PreparedStatement stmt = con.prepareStatement("SELECT " +
"DECODE(MAX(ID), NULL, 'NO', 'YES') BOOL_VAL " +
"FROM " +
"MASTERNICSDB " +
"WHERE " +
"FTAG = ? " +
"AND " +
"BADGENUM IS ?");
stmt.setString(1, System.getenv("COMPUTERNAME").toUpperCase());
stmt.setNull(2, Types.VARCHAR);
ResultSet rs = stmt.executeQuery();
rs.next();
The issue with the above is that it keeps throwing:
ORA-00908: missing NULL keyword
I have tried all of the following:
stmt.setNull(2, Types.VARCHAR);
stmt.setString(2, "NULL");
stmt.setNull(2, oracle.jdbc.OracleTypes.VARCHAR);
stmt.setObject(2, null);
None of which seem to work. They all get the same error as above.
However, if I place the values inside the query all is fine - but I don't want to do that due to SQL injection and all that fun stuff.
Related
As the title suggests, i'm currently trying to add parts to the JPQL-query using collection-valued named parameters (:queryLst).
Function call:
List<PanelSet> psetLst = setRepository.getMaxZchnrGroupByLeftEight(p.getCustomerNumber(), p.getDrawingNumber(), queryLst);
queryLst:
// Is used to store values from scanned and convert them into parts of a query
ArrayList<String> queryLst = new ArrayList<>();
for (int i = 0; i < size1; i++) {
scanEdvRev = scanned.get(i).toString();
queryLst.set(i, "and left(a.drawingnumber, 8) != left('" + scanEdvRev + "', 8)");
}
SetRepository:
public interface SetRepository extends CrudRepository<PanelSet, Integer> {
#Query("select distinct max(a.drawingNumber) from PanelSet a "
+ "where a.customerNumber = :customerNumber "
+ "and a.drawingNumber != :drawingNumber (:queryLst) "
+ "group by left(a.drawingNumber, 8)")
List<PanelSet> getMaxZchnrGroupByLeftEight(#Param("customerNumber") String customerNumber,
#Param("drawingNumber") String drawingNumber,
#Param("queryLst") ArrayList<String> queryLst);
}
When i run the project i get the following exception:
org.hibernate.hql.internal.ast.QuerySyntaxException: unexpected token: ( near line 1, column 159 [select distinct max(a.drawingNumber) from com.asetronics.qis2.model.PanelSet a where a.customerNumber = :customerNumber and a.drawingNumber != :drawingNumber (:queryLst) group by left(a.drawingNumber, 8)]
I'm unsure whether my approach to this problem is the correct way of doing this and whether this exception is caused by a simple syntax error or by my usage of collection-valued named parameters.
I've followed this guide trying to solve the problem.
EDIT: I'm basically trying to add each String from ArrayList<String> queryLst to the parametrized query inside setRepository.
#Query("select distinct max(a.drawingNumber) from PanelSet a "
+ "where a.customerNumber = :customerNumber "
+ "and a.drawingNumber != :drawingNumber (:queryLst) "
+ "group by left(a.drawingNumber, 8)")
If successful, the query behind the function
List<PanelSet> getMaxZchnrGroupByLeftEight(#Param("customerNumber") String customerNumber,
#Param("drawingNumber") String drawingNumber,
#Param("queryLst") ArrayList<String> queryLst);
should look like this:
queryStr = "select distinct max(a.drawingNumber) from PanelSet a "
+ "where a.customerNumber = " + customerNumber + ""
+ "and a.drawingNumber != " + drawingNumber + "";
for (String s : queryLst) {
queryStr = queryStr + s;
}
queryStr = queryStr + " group by left(a.drawingNumber, 8)";
I hope this clarifies what i'm trying to do with queryLst.
It can't be done using your approach of passing in a list of query chunks.
The closest you'll get is by adding every possible condition to the query and provide values for all those conditions in a way that allows conditions to be ignored, typically by providing a null.
You code might look like this:
#Query("select distinct max(a.drawingNumber) from PanelSet a "
+ "where a.customerNumber = :customerNumber "
+ "and a.drawingNumber != :drawingNumber "
+ "and a.myTextColumn = coalesce(:myTextColumn, a.myTextColumn) "
+ "and a.myIntegerColumn = coalesce(:myIntegerColumn, a.myIntegerColumn) "
// etc for all possible runtime conditions
+ "group by left(a.drawingNumber, 8)")
List<PanelSet> getMaxZchnrGroupByLeftEight(
#Param("customerNumber") String customerNumber,
#Param("drawingNumber") String drawingNumber,
#Param("myTextColumn") String myTextColumn,
#Param("myIntegerColumn") Integer myIntegerColumn);
Passing null for myTextColumn or myIntegerColumn will allow that column to be any value (except null).
You'll have to find SQL that works for the type of conditions you have and the data type of the columns involved and whether nulls are allowed.
If passing nulls doesn't work, use a special value, perhaps blank for text columns and some "impossible" date like 2999-01-01 fir date columns etc and code the condition like:
and (a.myCol = :myCol or :myCol = '2999-01-01')
When this code runs, I get an UPDATE writing error. Does anybody know what the problem is, and how to fix it?
This is the code:
string sql2 = "UPDATE ezuser";
sql2 += " SET fname = '" + Request.Form["fname"]+ "'";
sql2 += " , lname = '" + Request.Form["lname"] + "'";
sql2 += " , fav = '" + Request.Form["fav"] + "'";
sql2 += " , pw = '" + Request.Form["pw"] + "'";
sql2 += " , order = '" + Request.Form["order"] + "'";
sql2 += " WHERE email = '" + Request.Form["email"] + "'";
MyAdoHelper.DoQuery(fileName, sql2);
Eventhough the question doesnt tell me much about the datatypes of columns, the only thing I could suspect here is the order column, which might be of integer datatype and you might be passing string to that.
Additional note: your code looks very much vulnerable to sql injections. Please take a look into that as well.
At least in SQL Server, order is a reserved keyword and needs to properly quoted if used literally as a column name. Like so:
sql2 += " , [order] = '" + Request.Form["order"] + "'";
As sabhari already mentioned, you need to learn about SQL Injection and how to properly guard against that. Research parametrized statements for the programming language you are using.
Hello I have written the following method in spring data jpa repo:
#RestResource(exported = false)
#Query(
value = "select q.* " +
"from question q " +
"left join question_program qp " +
"on q.question_id = qp.question_id " +
"where " +
"q.difficulty_level_id = ?1 " +
"and " +
"q.paid = false " +
"and " +
"qp.program_id = ?2 " +
"order by random() " +
"limit ?3",
nativeQuery = true
)
List<Question> getFreeRandomQuestions(
#Param("df") Integer df,
#Param("programId") Integer programId,
#Param("qs") Integer qs);
It is returning an empty list whereas when I run the same query in pgadmin I get all the desired rows. It also works in spring data jpa if I remove the join with question_program. What am I doing wrong?
UPDATE:
I have tried select q ... and select * .... Both have the same problem
UPDATE:
I kind of solved this by implementing a service which fetches that data using sessionFactory and raw sql query!.
When my query executes within my VB application I am receiving the following error:
ORA-00942: table or view does not exist
All table names in my query are spelt correctly, and do in fact exist.
If I dump the query from my VB.net app and then run the query manually in Oracle SQL Plus it executes just fine.
In both cases I am logged in with the exact same credentials and have selected the same database. For my connection within visual basic I am using OleDb.
From within my visual basic application I also ran a query to dump all tables which the user has access to using
select table_name from all_tables
And the table names which I am querying show up.
Any idea what would be causing this?
SELECT
RSS.STEP_STATUS_DATE,
RSS.VALUE_RECORDED
FROM
ITR,
REPORT R,
INSTRUCTION I,
INSTRUCTION_STEP INS,
REPORT_STEP RS,
REPORT_STEP_STATUS RSS
WHERE
ITR.ITR_NO = '1' AND
I.INSTRUCTION_ID = '12345' AND
INS.STEP_NO = '2' AND
R.INSTRUCTION_ID = I.INSTRUCTION_ID AND
RS.REPORT_ID = R.REPORT_ID AND
RS.INSTRUCTION_STEP_ID = INS.INSTRUCTION_STEP_ID AND
RSS.REPORT_STEP_ID = RS.REPORT_STEP_ID AND
RSS.MEASUREMENT_NAME = 'ESN'
My visual basic code is as follows:
strQuery = "SELECT RSS.STEP_STATUS_DATE, " +
" RSS.VALUE_RECORDED " +
"FROM ITR, " +
" REPORT R, " +
" INSTRUCTION I, " +
" INSTRUCTION_STEP INS, " +
" REPORT_STEP RS, " +
" REPORT_STEP_STATUS RSS " +
"WHERE ITR.ITR_NO = '%01' AND " +
" I.INSTRUCTION_ID = '%02' AND " +
" INS.STEP_NO = '%03' AND " +
" R.INSTRUCTION_ID = I.INSTRUCTION_ID AND " +
" RS.REPORT_ID = R.REPORT_ID AND " +
" RS.INSTRUCTION_STEP_ID = INS.INSTRUCTION_STEP_ID AND " +
" RSS.REPORT_STEP_ID = RS.REPORT_STEP_ID AND " +
" RSS.MEASUREMENT_NAME = '%04'"
I'm looking at this portion (and others like it):
RSS.MEASUREMENT_NAME = '%04'
I expect you meant to do this:
RSS.MEASUREMENT_NAME LIKE '%04'
While I'm here, almost no one uses the "A,B" join syntax any more. It's extremely out-dated, and can lead to errors where join conditions are applied to the wrong tables, such that the query doesn't return any results... in other words, it might even be causing the problem you have right now.
This query gives a array ob objects instead of giving me the Tracking object back.
In the log i see:
java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to com.quoka.qis.ads.web.tracking.Tracking
#NamedNativeQuery(
name = "Tracking.findByNo",
query = "select * " +
"from inet.TRACKING t " +
"where t.prditmNO = ?1"
)
TypedQuery<Tracking> q = em.createNamedQuery("Tracking.findByNo", Tracking.class);
q.setParameter(1, adno);
List<Tracking> list = q.getResultList();
return list.isEmpty()?null:list.get(0);
Thanks for you help.
You use a native query. You should use a JPA query.
#NamedQuery( name = "Tracking.findByNo",
query = "select t " +
"from Tracking t " +
"where t.prditmNO = ?1" )