Suppose I query a table which contains raw json in a column, or create json myself with a subquery like this:
select
p.name,
(select json_build_array(json_build_object('num', a.num, 'city', a.city)) from address a where a.id = p.addr) as addr
from person p;
How can I instruct Spring's NamedParameterJdbcTemplate not to escape
the addr column but leave it alone?
So far it insists returning me something like this:
[{
name: "John",
addr: {
type: "json",
value: "{"num" : "123", "city" : "Luxembourg"}"
}
}]
This is the working solution.
Service:
#Transactional(readOnly = true)
public String getRawJson() {
String sql = "select json_agg(row_to_json(json)) from ( "
+ "select "
+ "p.id, "
+ "p.name, "
+ "(select array_to_json(array_agg(row_to_json(c))) from ( "
+ " ... some subselect ... "
+ ") c ) as subq "
+ "from person p "
+ "where type = :type "
+ ") json";
MapSqlParameterSource params = new MapSqlParameterSource("type", 1);
return jdbcTemplate.queryForObject(sql, params, String.class);
}
Controller:
#ResponseBody
#GetMapping(value = "/json", produces = MediaType.APPLICATION_JSON_VALUE)
public String getRawJson() {
return miscService.getRawJson();
}
The key is the combination of json_agg and row_to_json / array_to_json plus returning a String to avoid any type conversions.
Related
Ok , I"m doing what looks like a simple Dapper query
but if I pass in my studId parameter, it blows up with this low level networking exception:
{"A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied."}
if I comment out the line of sql that uses it, fix the where clause, ,and comment out the line where it's added the the parameters object. It retrieves rows as expected.
I've spent the last 2.5 days trying everything I could think of, changing the names to match common naming patterns, changing type to a string (just gave a error converting string to number), yadda yadda yadda..
I'm at a complete loss as to why it doesn't like that parameter, I look at other code that works and they pass Id's just fine...
At this point I figure it has to be an ID-10-t that's staring me in the face and I'm just assuming my way right past it with out seeing it.
Any help is appreciated
public List<StudDistLearnSchedRawResponse> GetStudDistanceLearningScheduleRaw( StudDistLearnSchedQueryParam inputs )
{
var aseSqlConnectionString = Configuration.GetConnectionString( "SybaseDBDapper" );
string mainSql = " SELECT " +
" enrollment.stud_id, " +
" sched_start_dt, " +
" sched_end_dt, " +
" code.code_desc, " +
" student_schedule_dl.enrtype_id, " +
" student_schedule_dl.stud_sched_dl_id, " +
" dl_correspond_cd, " +
" course.course_name, " +
" stud_course_sched_dl.sched_hours, " +
" actual_hours, " +
" course_comments as staff_remarks, " + // note this column rename - EWB
" stud_course_sched_dl.sched_item_id , " +
" stud_course_sched_dl.stud_course_sched_dl_id " +
" from stud_course_sched_dl " +
" join student_schedule_dl on student_schedule_dl.stud_sched_dl_id = stud_course_sched_dl.stud_sched_dl_id " +
" join course on stud_course_sched_dl.sched_item_id = course.sched_item_id " +
" left join code on student_schedule_dl.dl_correspond_cd = code.code_id " +
" join enrollment_type on student_schedule_dl.enrtype_id = enrollment_type.enrtype_id " +
" join enrollment on enrollment_type.enr_id = enrollment.enr_id " +
" where enrollment.stud_id = #studId " +
" and sched_start_dt >= #startOfWeek" +
" and sched_end_dt <= #startOfNextWeek";
DapperTools.DapperCustomMapping<StudDistLearnSchedRawResponse>();
//string sql = query.ToString();
DateTime? startOfWeek = StartOfWeek( inputs.weekStartDateTime, DayOfWeek.Monday );
DateTime? startOfNextWeek = StartOfWeek( inputs.weekStartDateTime.Value.AddDays( 7 ) , DayOfWeek.Monday );
try
{
using ( IDbConnection db = new AseConnection( aseSqlConnectionString ) )
{
db.Open();
var arguments = new
{
studId = inputs.StudId, // it chokes and gives a low level networking error - EWB
startOfWeek = startOfWeek.Value.ToShortDateString(),
startOfNextWeek = startOfNextWeek.Value.ToShortDateString(),
};
List<StudDistLearnSchedRawResponse> list = new List<StudDistLearnSchedRawResponse>();
list = db.Query<StudDistLearnSchedRawResponse>( mainSql, arguments ).ToList();
return list;
}
}
catch (Exception ex)
{
Trace.WriteLine(ex.ToString());
return null;
}
}
Here is the input object
public class StudDistLearnSchedQueryParam
{
public Int64 StudId;
public DateTime? weekStartDateTime;
}
Here is the dapper tools object which just abstracts some ugly code to look nicer.
namespace EricSandboxVue.Utilities
{
public interface IDapperTools
{
string ASEConnectionString { get; }
AseConnection _aseconnection { get; }
void ReportSqlError( ILogger DalLog, string sql, Exception errorFound );
void DapperCustomMapping< T >( );
}
public class DapperTools : IDapperTools
{
public readonly string _aseconnectionString;
public string ASEConnectionString => _aseconnectionString;
public AseConnection _aseconnection
{
get
{
return new AseConnection( _aseconnectionString );
}
}
public DapperTools( )
{
_aseconnectionString = Environment.GetEnvironmentVariable( "EIS_ASESQL_CONNECTIONSTRING" );
}
public void ReportSqlError( ILogger DalLog, string sql, Exception errorFound )
{
DalLog.LogError( "Error in Sql" );
DalLog.LogError( errorFound.Message );
//if (env.IsDevelopment())
//{
DalLog.LogError( sql );
//}
throw errorFound;
}
public void DapperCustomMapping< T >( )
{
// custom mapping
var map = new CustomPropertyTypeMap(
typeof( T ),
( type, columnName ) => type.GetProperties( ).FirstOrDefault( prop => GetDescriptionFromAttribute( prop ) == columnName )
);
SqlMapper.SetTypeMap( typeof( T ), map );
}
private string GetDescriptionFromAttribute( System.Reflection.MemberInfo member )
{
if ( member == null ) return null;
var attrib = (Dapper.ColumnAttribute) Attribute.GetCustomAttribute( member, typeof(Dapper.ColumnAttribute), false );
return attrib == null ? null : attrib.Name;
}
}
}
If I change the SQL string building to this(below), but leave everything else the same(Including StudId in the args struct)... it doesn't crash and retrieves rows, so it's clearly about the substitution of #studId...
// " where enrollment.stud_id = #studId " +
" where sched_start_dt >= #startOfWeek" +
" and sched_end_dt <= #startOfNextWeek";
You name your data members wrong. I had no idea starting a variable name with # was possible.
The problem is here:
var arguments = new
{
#studId = inputs.StudId, // it chokes and gives a low level networking error - EWB
#startOfWeek = startOfWeek.Value.ToShortDateString(),
#startOfNextWeek = startOfNextWeek.Value.ToShortDateString(),
};
It should have been:
var arguments = new
{
studId = inputs.StudId, // it chokes and gives a low level networking error - EWB
startOfWeek = startOfWeek.Value.ToShortDateString(),
startOfNextWeek = startOfNextWeek.Value.ToShortDateString(),
};
The # is just a hint to Dapper, that it should replace with a corresponding member name.
## has special meaning in some SQL dialects, that's probably what makes the trouble.
So here's what I Found out.
The Sybase implementation has a hard time with Arguments.
It especially has a hard time with arguments of type int64 (this existed way pre .NetCore)
So If you change the type of the passed in argument from int64 to int32, everything works fine.
You can cast it, or just change the type of the method parameter
I would like to generate SQL statement from my Dictionary object. Because i have to eliminate the update process of empty string in corresponding column. i can do this via Swift code but doing this repeat action not good. is there any way to do this via SQL Statement?.
i have found some link on StackOverflow.
Asp.net link
and MySQL StackOverflow link
like sample example in python code
def insertFromDict(table, dict):
"""Take dictionary object dict and produce sql for
inserting it into the named table"""
sql = 'INSERT INTO ' + table
sql += ' ('
sql += ', '.join(dict)
sql += ') VALUES ('
sql += ', '.join(map(dictValuePad, dict))
sql += ');'
return sql
def dictValuePad(key):
return '%(' + str(key) + ')s'
let r = sqlFrom(dict: ["name" : "String", "type" : "sort"], for: "MyTable")
print(r)
Needed function:
func sqlFrom(dict : [String : String], for table : String) -> String {
let keys = dict.keys.joined(separator: ", ")
var values = dict.values.joined(separator: "', '")
values = """
'\(values)'
"""
let sql = "INSERT INTO \(table) ( \(keys) ) VALUES ( \( values) );"
return sql
}
Check result here:
Following method will do the job, but will not prevent you from sql injections
func insertStatement(table: String, dict: [String : Any]) -> String {
let values: [String] = dict.values.compactMap { value in
if value is String || value is Int || value is Double {
return "'\(value)'"
} else if let date = value as? Date {
let dateFormatter = DateFormatter()
dateFormatter.dateFormat = "yyyy-MM-dd"
return "'" + dateFormatter.string(from: date) + "'"
}
// handle other types if necessary
return nil
}
return "INSERT INTO \(table) (" + dict.keys.joined(separator: ",") + ") VALUES (" + values.joined(separator: ",") + ")"
}
Usage:
insertStatement(table: "test_table", dict: ["id": 8, "name" : "John", "age" : Date()])
Output: INSERT INTO test_table(id,age,name) VALUES ('8','2019-04-24','John')
To prevent from SQL injections you have to use prepared statements to bind values, such as in the PHP's PDO library, like so:
func insertStatement(table: String, dict: [String : Any]) {
let columns = dict.keys.joined(separator: ",")
let values = dict.keys.map({ ":" + $0 }).joined(separator: ",")
// build the statement
let sql = "INSERT INTO " + table + "(" + columns + ") VALUES (" + values + ")"
var bind: [String : Any] = [:]
for (column, value) in dict {
bind[":\(column)"] = value
}
}
How can I do the following sql code with linq?
SQL;
SELECT BusinessEntityID, FirstName + ' ' + LastName AS "FullName"
FROM Person WHERE FullName LIKE 'a%'
LINQ;
using(var db= new db_Context)
{
var query = db.Person.Select(q=> q.FirstName + " "+ q=>q.FullName)
}
Searching after concatenate the strings is not a good idea. I recommend the search for firstname and lastname separately
var query = db.Person.Where (t => t.FirstName.StartsWith("a") || t.LastName.StartsWith("a") )
.Select(q=> new { q.BusinessEntityID, Fullname = q.FirstName + " " + q.LastName })
Following code will be helpful to you,
var list1 = db.Person.Where (t => t.FirstName.StartsWith("a"))
.Select(q=> new {
BusinessEntityID = q.BusinessEntityID,
Fullname = q.FirstName + " " + q.LastName
});
Or
var list2 = from psn in db.Person
where psn.FirstName.StartsWith("a")
select new {
BusinessEntityID = psn.BusinessEntityID,
Fullname = psn.FirstName + " " + psn.LastName
};
I get error running the following query. I know that I need to use '?' as many as list size, but the size of list differs and I don't know how to replace the '?'.
public List<Object> findAllGrades(String pnr, List<String>codes) {
return jdbcTemplate.query(
"select CourseParticipantship.grade from [thd].[dbo].[CourseParticipantship] "
+ "inner join thd.dbo.CourseMaterial on courseMaterial_id = CourseMaterial.id "
+ "inner join thd.dbo.Course on course_id = Course.id and Course.code in (?)"
+ "inner join thd.dbo.Student on student_id = Student.id "
+ "where Student.personalNumber in (?)",new Object[] { codes, pnr }, new RowMapper() {
public Object mapRow(ResultSet rs, int arg1) throws SQLException {
return rs.getObject("grade");
}
});
}
I get this error: Unable to convert between java.util.ArrayList and JAVA_OBJECT
You should use in here: + "where S.pnr in (?)"
You have to change
+ "where S.pnr= ?",new Object[] { codes, pnr }, new RowMapper() {
to
+ "where S.pnr in (?)",new Object[] { codes, pnr }, new RowMapper() {
I want to pass list of string as parameter
when my query is generated from my application I have this sql code :
SELECT * FROM Transfers TRANSFERS
LEFT OUTER JOIN correspondence_copy CORRESPCPY on CORRESPCPY.ID_COPY = TRANSFERS.ID_COPY
WHERE TRANSFERS.ORDERNBR in ('[236359981, 236359982, 236359983]')
this is the source code in jave where I used List
public List<SupEntity> sendSup(List<String> listOrderNumber)
throws Exception {
String query_tr = " SELECT * ";
query_tr += " FROM Transfers TRANSFERS ";
query_tr +=" LEFT OUTER JOIN correspondence_copy CORRESPCPY on CORRESPCPY.ID_COPY = TRANSFERS.ID_COPY " ;
query_tr +=" WHERE TRANSFERS.ORDERNBR in ('" +listOrderNumber + "')";
SQLQuery sqlQuery = this.getSession().createSQLQuery(query_tr);
sqlQuery.setResultTransformer(Transformers.aliasToBean(
SupEntity.class));
List list = sqlQuery.list();
return list;
}
I call this methode from this code :
public SupListEntity getsupList(
HttpServletRequest request,
SupListEntity supListEntity)
throws Exception {
List<String> list = new ArrayList<String>();
List<CorrespondenceEntity> sendsupList =new ArrayList<SupEntity>();
String [] tabOrder=null;
if(supListEntity.getId()!=null)
{
tabOrder=supListEntity.getId().split(",");
if(tabOrder!=null && tabOrder.length>0)
{
for(int i=0;i<tabOrder.length;i++)
{
list.add(tabOrder[i]);
}
sendsupList = supDAO.sendSup(list);
supListEntity.setCorrespondenceList(sendsupList);
}
}
return supListEntity;
}
so the problem that my query which is generaed has this kind of code :
in ('[236359981, 236359982, 236359983]') which is false
it should be like this
in ('236359981', '236359982', '236359983')
You may try this:
String query_tr = " SELECT * ";
query_tr += " FROM Transfers TRANSFERS ";
query_tr +=" LEFT OUTER JOIN correspondence_copy CORRESPCPY on CORRESPCPY.ID_COPY = TRANSFERS.ID_COPY " ;
query_tr +=" WHERE TRANSFERS.ORDERNBR in (:list)";
SQLQuery sqlQuery = this.getSession().createSQLQuery(query_tr);
sqlQuery.setParameterList("list", listOrderNumber)